Questions with onboarding

Hi All,

First of all, I am new to OpenEDR. I started with the cloud version 2 days ago to see what OpenEDR is all about.
I have some questions. I have watched the YouTube onboarding videos, but my questions remain unanswered.

  1. If I watch the getting started video (Getting started), a test.bat is created in the example. I have done this as well; however, no entries are made where I can see the commands run.
  2. How often is the data reported back to OpenEDR? Every Hour? Can I change this?
  3. Currently we are running Trend Micro Antivirus. OpenEDR comes with an antivirus module. Do they bite each other? Do I need to make exceptions on one or both kinds of Antivirus?
  4. Do I need to make firewall exceptions for the traffic to be reported to OpenEDR Cloud?
  5. Is there a complete manual for the further config?

Kind Regards, Tom

Hi @Tom_HG

I shall get back to you on the queries with the respective responses.

Thank you for writing to us.

1- Where did you query? On the Cloud Version, you can query via Endpoint Security/Analyze.
2- I guess you mean the endpoint data pushed to the cloud. It is streamed back to the cloud immediately; however, processing, indexing, aggregating etc. might take some minutes based on the overall load. In normal cases, all operations are completed within 3-5 min.
3- Did you install only the OpenEDR agent, or the Security Agent as well? Both agents can live in the same environment with TrendMicro; however, some functions might require whitelisting. Please also be aware that, due to fighting over hooking to the processes, you might see some CPU spikes.
4- Here you can find all traffic requirements: Xcitium Enterprise Admin Guide - Appendix 1c: EDR Services - IP Nos, Host Names and Ports | Xcitium
5- You can find all documentation here: Xcitium Enterprise Help Guide

  1. Security -> Endpoint Security -> Investigate -> Event Search, like in the YouTube video. No results there. Is the Endpoint Security section also filled with data if I only have the EDR client installed?
  2. Not happening every 5 mins. Checked the server connection script, connection is made fine.
  3. This is not working at all. After reboot my laptop became completely unresponsive. I made a test setup with 3 systems:
  • Clean installation, Win10, No TrendMicro(Apex One), installed EDR+Security: system runs fine.
  • Clean installation, Win10, Trend Micro(Apex One), installed EDR+Security: System is not functioning, login screen takes forever, programs not loading
  • Clean installation, Win10, Trend Micro(Apex One), installed EDR: System runs fine.
    What do I need to whitelist in which program? The combination of Trend Micro and OpenEDR/Security is not working at all… I would appreciate your help!

  1. Yes, EDR should be installed.
  2. Please open a ticket with support@xcitium.com; they will help you to investigate and resolve if there is any issue. They will request you to run some troubleshooting exe to gather all config/logs.
  3. Please try the Containment Only profile for the Security agent; that is the profile optimized for compatibility with other products. Again, you can consult support@xcitium.com for any other whitelisting if that is required.