EDR Code in GitHub - Code Discussions

EDR - Endpoint Detection & Response code base on GitHub, and discussions about anything and everything to do with that code. The OpenEDR code base is open source and is available on GitHub, and we are happy to discuss anything coding related in this thread.

Sorry we were silent for a while, but we were working hard to make EDR open source. Yesterday we pushed the code to GitHub (https://github.com/ComodoSecurity/openedr); there you can build the code and follow the instructions to get all the telemetry data.

Tomorrow we are going to release our signed binaries, so you don't have to build the code and can start using it right away. Now we need your contributions more than ever: code, rules, content, ideas. Let's start the journey!

1 Like

Thanks for the update, Ozer. By default, does it ship with standard rules by Comodo? Or would the user have the leverage to change the policy like we do in cWatchEDR?

The current release comes with standard rules. For changing policy based on local policy files, why not open our first feature request on GitHub :slight_smile: I just announced the contribution guide.

1 Like

Hi, I am interested in how the EDR agent implements service/file protection. One requirement is for the EDR to prevent an admin-level user from stopping the service. How does OpenEDR implement such protection?

Hi Ozer. Does OpenEDR have a PowerShell interception function?
How is it achieved? PsSetCreateProcessNotifyRoutineEx? Easy to bypass.

Yes, we use PsSetCreateProcessNotifyRoutineEx to get notified. What would you suggest?
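The callback mechanism Ozer names above, as an added example that is not OpenEDR's code: a user-mode C model of the decision a PsSetCreateProcessNotifyRoutineEx callback makes on the ImageFileName and CommandLine fields of PS_CREATE_NOTIFY_INFO. The create_notify_t struct, the verdict enum, the function names and the sample command lines are all constructed for this illustration. The real callback runs in the kernel with UNICODE_STRINGs, and it can deny a launch by setting CreateInfo->CreationStatus to an error status, which the older non-Ex PsSetCreateProcessNotifyRoutine cannot do.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the PS_CREATE_NOTIFY_INFO fields a
 * PsSetCreateProcessNotifyRoutineEx callback receives. The real structure
 * carries UNICODE_STRINGs; plain char* is used here so the decision logic
 * compiles and runs user-mode on any platform. */
typedef struct {
    const char *image_file_name;  /* CreateInfo->ImageFileName: on-disk path of the image */
    const char *command_line;     /* CreateInfo->CommandLine: may be NULL */
} create_notify_t;

enum verdict {
    VERDICT_ALLOW = 0,  /* not PowerShell: let it run, no telemetry */
    VERDICT_LOG   = 1,  /* PowerShell: allow and emit telemetry */
    VERDICT_BLOCK = 2   /* PowerShell with -EncodedCommand: in the kernel callback this
                           maps to CreateInfo->CreationStatus = STATUS_ACCESS_DENIED */
};

/* Case-insensitive comparison of a length-bounded token against a literal. */
static bool token_ieq(const char *tok, size_t len, const char *lit)
{
    if (strlen(lit) != len) return false;
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)lit[i])) return false;
    return true;
}

/* Strip the directory part; Windows paths may carry either separator. */
static const char *image_basename(const char *path)
{
    const char *base = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    return base;
}

bool is_powershell_image(const char *image_file_name)
{
    const char *base = image_basename(image_file_name);
    size_t len = strlen(base);
    return token_ieq(base, len, "powershell.exe") ||
           token_ieq(base, len, "powershell_ise.exe") ||
           token_ieq(base, len, "pwsh.exe");
}

/* True when the command line contains a switch that is a case-insensitive
 * prefix of "EncodedCommand" (PowerShell accepts -e, -ec, -enc, ... for it).
 * Quoted tokens are skipped whole, so a quoted path with spaces is one token. */
bool has_encoded_command(const char *cmdline)
{
    static const char full[] = "encodedcommand";
    const char *p = cmdline;
    while (*p) {
        while (*p == ' ' || *p == '\t') p++;
        if (!*p) break;
        if (*p == '"') {                       /* quoted token: never a switch */
            p++;
            while (*p && *p != '"') p++;
            if (*p) p++;
            continue;
        }
        const char *start = p;
        while (*p && *p != ' ' && *p != '\t') p++;
        size_t len = (size_t)(p - start);
        if (len < 2 || (start[0] != '-' && start[0] != '/')) continue;
        start++; len--;                        /* drop the switch character */
        if (len > strlen(full)) continue;
        bool match = true;
        for (size_t i = 0; i < len; i++)
            if (tolower((unsigned char)start[i]) != full[i]) { match = false; break; }
        if (match) return true;
    }
    return false;
}

/* The decision the callback body would make for one process creation. */
enum verdict classify_process_create(const create_notify_t *ci)
{
    if (!is_powershell_image(ci->image_file_name)) return VERDICT_ALLOW;
    if (ci->command_line && has_encoded_command(ci->command_line)) return VERDICT_BLOCK;
    return VERDICT_LOG;
}

int main(void)
{
    /* Constructed sample notifications, not captured from a real system. */
    static const create_notify_t samples[] = {
        { "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
          "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -NoP -W Hidden -enc SQBFAFgA" },
        { "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
          "pwsh.exe -NoProfile -ExecutionPolicy Bypass -Command Get-Process" },
        { "C:\\Windows\\System32\\notepad.exe", "notepad.exe" },
        /* A renamed copy of powershell.exe passes the name check (see note). */
        { "C:\\Users\\Public\\svc.exe", "svc.exe -enc SQBFAFgA" },
    };
    static const char *names[] = { "allow", "log", "block" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-5s %s\n", names[classify_process_create(&samples[i])], samples[i].command_line);
    return 0;
}
```

The last sample in main() shows the limit the "easy to bypass" remark points at: a copy of powershell.exe stored under another name passes is_powershell_image, because ImageFileName is just the path of the file being executed. A production callback would key on the image's signer or hash rather than its file name, or catch PowerShell hosted in any process by watching for the PowerShell engine assembly with an image-load callback, which is outside what this example shows.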

New source code is now available.