EDR not picking up anything

Hello,

I wanted to try OpenEDR for personal use. I created an account, onboarded my machine and installed the EDR component. My problem now is that EDR is not picking up anything. There is no information about anything.

I have tried to download the Eicar file to test the detection, but as I said… Nothing.
I followed the video, but it is not really working for me: https://www.youtube.com/watch?v=lfo_fyinvYs&ab_channel=Xcitium

Can anyone help me out? Are there any prerequisites?

Hi @KEDR

Please find the guide below, which helps you with EDR setup.

Hi @nivedithab

Thank you for the guide.
Unfortunately the problem still exists. The device is enrolled with the EDR Agent.
The only thing I can see are some Write File Events.

Any ideas why no alerts are generated or why I cannot see anything else?

Hi @KEDR

To further investigate the reported issue, our support team needs the local logs from one of the affected endpoints.

  • If you wish us to collect the endpoint logs from our side, please let us know the name of the affected device and make sure Remote Access Support is enabled under Management > Account > Remote Access Support (Xcitium Remote Access Support). You may also find the necessary steps listed in the attached document. After this option is enabled, provide us with the name of the affected device on the Endpoint Manager portal.
  • If you do not wish to provide us with remote access, and if the device communicates with the Xcitium Platform, run the predefined procedure “Collect Comodo One logs using new CIS report tool” on the affected device. Do not forget to provide us with the name of the device so we can identify the output on our side. However, if the device does not communicate with the Xcitium Platform, please download and run the following report tool on the affected device: https://download.comodo.com/cis/download/installs/cisreporttool/cisreporttool.exe . The tool collects both XCC & XCS logs and attempts to upload them to our SFTP (the device name is included in the name of the output). To be able to identify the logs on our side, please provide the local name of the device to our support team at support@xcitium.com so they can assist you further with the issue.

Thank you

Dear @nivedithab,

I’ve the same issue. The EDR doesn’t capture the ProcessCreate events; I see only the WriteFile events on the endpoint.

Finally, using the old portal version, I enabled the Remote Access Support. The device that has this issue is named windows10.

Kind regards.

Hi @TheThMando

Please mention your account admin email details, and that you have enabled the remote access control, along with the name of the device with the issue, to our support team at support@xcitium.com so they can assist you further with the issue.

Thank you