Site search is available on home page

IBM Security Trusteer Rapport/Endpoint Protection

By , www.winhelp.us. Last modified: 2014-11-03.

How to use IBM Security Trusteer Rapport for protection from financial malware in Windows XP, Vista, 7, 8 and 8.1

IBM Security Trusteer Rapport (aka Trusteer Endpoint Protection) prevents banking trojans such as ZeuS, SpyEye, Silon, Torpig and other financial malware from grabbing your login credentials and robbing your online bank account, or stealing your identity from other websites. It also provides protection from keylogging, screen grabbing and phishing.
The free program has a long list of partner web sites where its protections turn on automatically, and you can specify up to 100 other web sites to protect.

Rapport protects your personal data by creating a secure tunnel between your browser and your bank (or the website you are logging in to) and so it keeps you safe from Man-in-the-Browser (MITB) malware and Man-in-the-Middle (MITM) attacks. All browsers are checked for unauthorized modifications before launching to prevent malware infections and information theft. Trusteer Rapport also secures browsers' memory to avoid malicious code injection. Furthermore, it is well capable of removing financial malware all by itself - but do not ditch your anti-virus and anti-malware programs, for Rapport detects and kills only certain types of malware.

Keylogging protection is provided by encrypting all keystrokes before they reach your web browser.

If you enter a protected user name/password combination on an unknown page, Rapport will pop up a warning that asks to verify you are on the correct site. This way, phishing your Twitter user name and password on itwittier.com or twiitter.com is prevented.

IBM Security Trusteer Rapport/Endpoint Protection updates itself automatically to provide best protection from latest threats. Sometimes a restart is required for all new settings to take effect, but this does not happen often.

Rapport works in major Internet browsers - Microsoft Internet Explorer (including even the Metro/Modern UI version of IE 10 and 11), Mozilla Firefox, Google Chrome and Apple Safari. Sadly, Opera is not supported yet.
Rapport protects both 32-bit  and 64-bit browsers, and it works fine in both 32-bit (x86) and 64-bit (x64) Windows XP, Vista, 7, 8 and 8.1. If you do not see Rapport icon in browser's address bar, please download and update it manually.

The software has a long history since 2006, and even a longer name after IBM bought Trusteer in September 2013 (Trusteer Rapport and Trusteer Endpoint Protection are used interchangeably). Well, everyone should know IBM, so safety of the program is guaranteed. Smile
The program also works on Macs, and you can get free secure browser for Android and iOS devices.

Downloading and installing IBM Security Trusteer Rapport/Endpoint Protection

Go to Rapport download page, and click the link to the right of "PC users:". The same link can be used for manual updating of the software.
IBM Security Trusteer Rapport download page. Click the link for PC users to download Rapport setup file.

Trusteer Endpoint Protection Installer will first notice you about possible firewall or anti-virus program alerts during the install. So, if you see any alerts, it is recommended to click Unblock, Yes, Allow or Permit buttons to let the setup safely finish.
Click OK.
IBM Security Trusteer Endpoint Protection Installer, warning about possible firewall and antivirus software alerts. Click OK.

Rapport/Endpoint Protection will then download the rest of installation files. Just stand by, this won't take long.
After this, setup will begin. Select the I accept the terms in the license agreement option and click Install.
The Advanced button is for those who have visual impairment or color blindness.
IBM Security Trusteer Endpoint Protection Setup, License Agreement. Click the 'I accept the terms in the licence agreement' option. Then click Install.

The installation takes a few minutes. Click Finish after it is complete.
IBM Security Trusteer Endpoint Protection Setup complete. Click Finish.

An "Installation Completed" page opens in your default web browser. You can safely close the Tab.
IBM Security Trusteer Rapport Installation Completed web page. It is safe to close the tab.

If you updated Rapport manually, you might have to restart your PC for new features to come in effect.

Using IBM Security Trusteer Rapport/Endpoint Protection

You will see a new gray button with a white arrow pointing left in your browser's Address Bar or Toolbar. This shows that Trusteer Rapport is running.

Please remember to always check for the icon before entering some protected website - if Rapport needs upgrading or a restart, the icon might disappear from Address Bar or Toolbar. This might also happen after installing a new web browser or after a major version upgrade of a browser.
If there is no Rapport icon in Address Bar or Toolbar, it means your sessions are not protected.

While the button is gray, the software is not protecting your information on this website.
To keep your login credentials and other information safe on the website, click the Trusteer Rapport/Endpoint Protection button and then click Protect this Website.
As written in the information window, it is recommended to enable Rapport for every website that contains your personal information or requires logging in. Free version protects up to 100 websites - quite enough for an average Joe.
IBM Security Trusteer Rapport/Endpoint Protection button in Internet Explorer's Address Bar. To protect a website, click the gray button and then click 'Protect this Website'.

Rapport's button turns green to indicate that the protection is turned on. The button will be green each time you will visit the site from now on.
If you click the green button, Rapport/Endpoint Protection will notify you that this website is protected by Trusteer.
IBM Security Trusteer Rapport's green button, this website is protected by Trusteer.

The first time you type in your credentials for a protected site and hit Enter key or click some login button, Trusteer Rapport offers to start protecting the password.
This also means that you should not reuse the passphrase on different websites. Please remember to use different passwords for different online services to prevent easy identity theft - read the Creating strong passwords and Password Safe articles to help you with this!
Click Protect.
Trusteer Endpoint Protection has identified password submission. Click Protect.

Now all you have to do is to click the gray button once for each website that contains or requires sensitive data in order to protect you from password-stealing malware. Yeah, banks, online stores, webmail and social network sites should be the first in line. Laughing

IBM Security Trusteer Rapport/Endpoint Protection phishing protection in action

In case you enter a protected user name/password combination on a different site (for example, your PayPal credentials on www.paypal.badsite.com), Trusteer Rapport will pop up a Protected Information Warning dialog.
Now it is time to take a good look at browser's Address Bar and verify that you are on the correct site! The warning dialog lists both the site where you normally enter this data and the site you are visiting right now.
If the site's address is not the one you were expecting, click the Get me out of here! button immediately - this could be a phishing attempt.

Oh, and if you tend to re-use passwords (a very, very bad security practice!) and you really are on the correct web site, click Trust this site. But please do not use the same password everywhere as this can cost you dearly in case your login credentials end up in the hands of cyber-crooks who want to empty your bank account or shop online using your credit card or virtual money.
Read the Creating strong passwords and Password Safe articles for good password practices and storing+auto-filling credentials securely!
Trusteer Rapport, Protected Information Warning, you have just entered text similar to your login on. Verify that your really are on the correct site, not a phishing page! If the site or its address looks suspicious, click 'Get me out of here!'.

In case you were on a suspicious site, Trusteer Rapport offers to go to your browser's home page or the site where you normally enter these login details.
Click either my home page, or the other link. Both are safe options.
Trusteer Rapport, Protected Information Warning, you have chosen not to send your information to the site. Click the 'Take me to my home page' link.

Configuring IBM Security Trusteer Rapport/Endpoint Protection

You can change Rapport/Endpoint Protection settings by clicking (not right-clicking!) its icon in Taskbar Notification area (aka System Tray), or by clicking the program icon in browser's Address Bar and clicking Open Console.
Please note that administrative rights are required for some changes.
IBM Security Trusteer Rapport icon in System Tray. Clicking it opens Rapport/Endpoint Protection console. Trusteer Rapport/Endpoint Protection information window in web browser. Click 'Open Console' to configure the program.

If no Address Bar or System Tray icon is visible, or you need to launch Trusteer Console with elevated permissions, open Start menu (Windows Vista and 7) or Start screen (Windows 8 and 8.1), type trusteer, right-click Trusteer Endpoint Protection Console and select Run as administrator.
In Windows XP, open Start menu, expand All Programs, Trusteer Endpoint Protection, right-click Trusteer Endpoint Protection Console and select Run as.
Windows 7, Start menu, search for 'trusteer'. To launch Rapport Console with administrative permissions, right-click 'Trusteer Endpoint Protection Console' and choose 'Run as administrator'.

The first thing to check is to verify that both Address bar and Tray icons are visible. If not, click the Show link(s). Please note that every non-default setting has orange box with white exclamation mark.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard. If Address bar icon or Tray icon is hidden, click 'Show'.

Second, verify that there are no pending updates that require a restart. If there are, reboot your computer ASAP.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard. If there are pending updates, restart your PC for the changes to take effect.

To verify that other settings are as recommended, click the More Settings link in Product Settings section.
Then, in Product Settings tab, make sure that all items have check marks in green boxes. Some changes might require restarting your web browser(s).
Close the tab after making changes.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Product Settings tab. Make sure all options are set as recommended (green). Close the tab.

Managing trusted websites in IBM Security Trusteer Rapport/Endpoint Protection

In rare cases, you might need to decrease the number of websites that you manually added to Rapport/Endpoint Protection. To do that, click the Browse Trusted Websites link in Trusted Websites section.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Trusted Websites. Click 'Browse Trusted Websites' to manage your own list of sensitive sites.

Truster Partner Websites is a fixed list of banks and companies that work closely with IBM Security/Trusteer. You can only open the listed websites there.
To manage the list of your personal additions, click Websites you manually added.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Trusted Websites. Click 'Websites you manually added'.

The list is sorted alphabetically. Click remove for any site you no longer need.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Trusted Websites tab. Click 'remove' to stop protecting a site/password.

This action will be confirmed, click OK. Close the tab after you're done.
IBM Security Trusteer Endpoint Protection, Are you sure you want to stop protecting site? Click OK.

Managing Trusteer Rapport/Endpoint Protection activity reports

Normally you get a notice about a weekly report on the second day of Endpoint Protection usage. Click Open report.
Trusteer Rapport, Your periodic activity report is ready and consists of number events. Click 'Open report'.

Alternatively, click Full Report link in Trusteer Rapport Dashboard, Weekly Activity Report section.
Trusteer Rapport Dashboard, Weekly Activity Report. To see events related to Endpoint Protection, click 'Full Report'.

Please verify that there is nothing suspicious on the report - Num. of blocked screen capture events, Num. of certificate mismatch events, Num. of blocked IP addresses events, Num. of blocked browser add-ons events, Num. of blocked cookie access events, Num. of credentials submission eventsNum. of Malware Detection Events and Num. of Risk Site Alerts should all be zero.
If any number of these events is higher than zero, it is highly recommended to scan your computer with Malwarebytes Anti-Malware and make sure that your anti-virus program is running and up-to-date.

Num. of character replacement events is purely informational, it just shows that anti-keylogging was activated.
Trusteer Rapport Dashboard, Weekly Activity Report tab. Check that any number of blocked events is not higher than zero. Other events are just informational.

To see details about any events, click a line once.

If you want to keep getting Rapport's weekly reports, tick the Automatically present this report at the beginning of each week box.

Close the tab.

Resetting Trusteer Rapport/Endpoint Protection policy to defaults

Some upgrades bring new features that will not be enabled by default for existing users. It is strongly recommended to open Rapport/Endpoint Protection console and verify policy settings every two or three months.

First, move to the second page by clicking the large green Next Page button on bottom right of Rapport/Endpoint Protection console window.
Then make sure that the Edits field in Security Policy section states "0 (Default settings)". If not, click the Edit Policy link.
IBM Security Trusteer Rapport Dashboard, Page 2, Security Policy. If 'Edits' is higher than 0, click 'Edit Policy'.

Because policy is a sensitive thing, Rapport/Endpoint Protection opens a User Approval tab with CAPTCHA image. Type the six characters on the image and click OK.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, User Approval. Enter the characters from image and click OK.

In the Security Policy tab, click Restore Defaults. A message about unsaved changes appears, click Save on the left.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Page 2, Security Policy tab. Click 'Restore Defaults' and then click 'Save'.

Some changes might require restarting web browsers or rebooting your PC. Click OK in the informational dialog. Please note that this will not close programs or initiate a restart, you'll have to perform these actions yourself.
IBM Security Trusteer Endpoint Protection, The following settings will take effect for new browser sessions. Click OK.

Using the Security Best Practices report in IBM Security Trusteer Rapport/Endpoint Protection

Besides protecting your information, Rapport has a built-in security check called Security Best Practices. The report will notify about important out-of-date software, such as Adobe Flash Player, Java SE, web browsers, etc.

See the Security Best Practices section on the second page of Rapport console. If there are improvements available, click View Report.
IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Security Best Practices. Verify that everything is up-to-date by clicking 'Scan again'. IBM Security Trusteer Rapport/Endpoint Protection Dashboard, Security Best Practices, improvements you might want to consider. Click 'View Report'.

This will open a list of possible weaknesses in your computer security. In this example, Adobe Flash Players and Reader, plus Mozilla Firefox are outdated.
If you click on a Rapport's suggestion, you will see some general guidelines for resolving the problem.

A general rule of thumb is to close all browser windows while updating software that has browser plug-ins/add-ons - many programs do not replace plugin files that are currently in use. For example, if you do not close Firefox while updating VLC Player or Adobe Reader, you might end up in a situation where Firefox plug-in is outdated, but those of other web browsers are fine. This means that you must close all browser windows and run the update again.
You can also visit Browser and Plug-in Check page to see if everything is in perfect order.

After you have resolved all weaknesses, it is necessary to click the Scan again link.
IBM Security Trusteer Rapport Dashboard, Security Best Practices tab. Clicking on an issue opens risk description and recommended actions.

Close the tab after you're done.

Happy surfing! Smile

 

 

Sub Navigation

Sub Navigation
Next: Microsoft EMET
Previous: Secunia PSI
comments powered by Disqus