Here we will discuss about coding for OpenEDR
Sorry we were silence for a while but working hard to make edr open source. Yesterday we have pushed the code to github https://github.com/ComodoSecurity/openedr and there you can build the code and follow the instructions to get all telemetry data.
Tomorrow, we are going to release our signed binaries so you dont have to build the code etc but start using it. Now we need your contributions more than ever for the code, rules, content, ideas. Lets start the journey
Thanks for the update Ozer, by default does it ship with standard rules by comodo? Or user would have the leverage to change the policy like we do in cWatchEDR?
Current release is coming with standard rules, for changing policy based on the local policy files, why not you open our first feature request on github I just announced contribution guide.
Hi, I am interested in how the EDR agent implements service/file protection. One requirement is for the EDR to prevent an admin-level user from stopping the service. How does OpenEDR implement such protection?
Hi ozer. Does OpEdr have Powershell interception function?
How to achieve？PsSetCreateProcessNotifyRoutineEx？Easy to bypass.
Yes we use PsSetCreateProcessNotifyRoutineEx to get notified, what would you suggest?