OpenEDR - anti-hacker and anti-malware tool

Victor M

Oct 3, 2022
OpenEDR is an endpoint detection and response tool. It has anti-malware and anti-hacker capabilities. It is free for 30 days and it is only $4/month/pc postpaid.

An EDR is not necessarily only for enterprises. It becomes necessary when you are being hacked. That is because OpenEDR provides the visibility into the attacker's activities that are not visible on your screen.

It is true that EDR requires monitoring. But not unduly so. Checking every other day is fine (in my circumstances). Most of us glance at our anti-malware when there's nothing to do. When you are under attack you will want to check a little more frequently.

An EDR taps into Windows Events. And Windows logs everything. And OpenEDR selects and raises alerts for you when anything suspicious is happening. For example, the RuntimeBroker.exe Windows component is usually started on demand by Windows itself, but if it was observed that it has been started manually, OpenEDR will raise an Alert for you. There is such a thing called Living off the Land binaries, which are native Windows exes which are used by hackers to do their bidding. OpenEDR knows about hacker tactics and activity patterns. And in its alerts, it gives a reference to Mitre Att&ck's bible of hacker tactics.

OpenEDR has an Auto Containment feature. It will put any suspicious file executions into a virtualized environment where it cannot affect Windows. It also automatically virtualizes any new exes. So any malware or hacker tools will also run virtualized. Any file executions that are virtualized raise an alert. It has too many classes of alerts to mention; but our MalwareTips readers will be interested in this: there is an alert named 'write to binary', which means new exe creation. This will alert you to most malware activities.

OpenEDR has an anti-malware component. OpenEDR is the latest incarnation of Comodo Firewall. It has stability and capability improvements. Long-time member @cruelsister has demoed the complete efficacy of its Auto Containment against malware here: App Review - Comodo Firewall 2024 Beta Setup and Test. And long-time video reviewer @Shadowra has her demo here: App Review - Comodo Firewall BETA 2024 (Modified Settings).

Anti-malware is generally useless against hackers, because hackers test their tools against common anti-malware vendors and modify their tools to evade signatures. But Auto Containment sets OpenEDR apart.

OpenEDR is free for 30 days. And its postpaid subscription price is reasonably priced for a home user; about the same as an antivirus. But you are also getting an EDR. You are not paying extra for a tool which you don't frequently use, so why not have the capability for when you do need it.

And most MalwareTips users think automatically of malware when something is wrong, when actually they are really under a hacker attack. You cannot tell the difference unless you look into it. That's what an EDR enables you to do. Then you can take defensive actions. "What you don't know is what you don't know".
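An added example (my own illustration, not code from OpenEDR or Comodo) of the kind of rules the post describes, run over a few constructed process-creation and file-creation events: a Windows component started by an unexpected parent, a Living off the Land binary spawned by a document application, and a new executable written to disk (a "write to binary"). The event shape, the expected-parent table (RuntimeBroker.exe is normally launched by svchost.exe), the list of "launcher" applications and the mapping of each rule to a MITRE ATT&CK technique ID are assumptions of this example, not OpenEDR's alert logic; the technique IDs themselves are real ATT&CK entries. A real EDR consumes these events from ETW, Sysmon or kernel callbacks and carries far more rules.

```python
"""Toy EDR-style detection rules over constructed Windows events.

Assumptions of this example: the event records, the expected-parent table,
the launcher list and the rule-to-ATT&CK mapping are illustrative, not
OpenEDR's. Real EDRs read these events from ETW / Sysmon / kernel callbacks.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcessCreate:
    image: str          # full path of the executable that started
    parent_image: str   # full path of the parent process
    command_line: str


@dataclass(frozen=True)
class FileCreate:
    image: str          # process that wrote the file
    target: str         # path that was written


@dataclass(frozen=True)
class Alert:
    name: str
    technique: str      # MITRE ATT&CK technique ID, or "n/a"
    detail: str


# Windows components that Windows starts itself, with the parent we expect.
# RuntimeBroker.exe is normally a child of svchost.exe (assumption of this example).
EXPECTED_PARENT = {"runtimebroker.exe": {"svchost.exe"}}

# Living off the Land binaries and the ATT&CK technique their abuse maps to.
LOLBINS = {
    "rundll32.exe": "T1218.011",   # System Binary Proxy Execution: Rundll32
    "regsvr32.exe": "T1218.010",   # System Binary Proxy Execution: Regsvr32
    "mshta.exe": "T1218.005",      # System Binary Proxy Execution: Mshta
    "certutil.exe": "T1140",       # Deobfuscate/Decode Files or Information
    "powershell.exe": "T1059.001", # Command and Scripting Interpreter: PowerShell
}

# Document and browser apps that should not normally spawn LOLBins or drop exes.
LAUNCHERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
             "chrome.exe", "msedge.exe", "firefox.exe"}

BINARY_EXT = {".exe", ".dll", ".scr", ".com"}


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def check_process(ev: ProcessCreate) -> list[Alert]:
    """Rules over one process-creation event."""
    alerts: list[Alert] = []
    child, parent = _basename(ev.image), _basename(ev.parent_image)
    expected = EXPECTED_PARENT.get(child)
    if expected and parent not in expected:
        # A system component started by something other than Windows itself.
        alerts.append(Alert("Unexpected parent for Windows component", "T1036",
                            f"{child} started by {parent}, expected {sorted(expected)}"))
    if child in LOLBINS and parent in LAUNCHERS:
        alerts.append(Alert("LOLBin spawned by document/browser app", LOLBINS[child],
                            f"{parent} -> {child}: {ev.command_line}"))
    return alerts


def check_file(ev: FileCreate) -> list[Alert]:
    """'Write to binary': any new executable on disk is worth an alert."""
    if PureWindowsPath(ev.target).suffix.lower() not in BINARY_EXT:
        return []
    writer = _basename(ev.image)
    technique = "T1105" if writer in LAUNCHERS else "n/a"  # Ingress Tool Transfer
    return [Alert("Write to binary", technique, f"{writer} wrote {ev.target}")]


def analyze(events) -> list[Alert]:
    alerts: list[Alert] = []
    for ev in events:
        if isinstance(ev, ProcessCreate):
            alerts.extend(check_process(ev))
        elif isinstance(ev, FileCreate):
            alerts.extend(check_file(ev))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessCreate(r"C:\Windows\System32\RuntimeBroker.exe",
                  r"C:\Windows\System32\svchost.exe", "RuntimeBroker.exe -Embedding"),
    ProcessCreate(r"C:\Windows\System32\RuntimeBroker.exe",
                  r"C:\Windows\System32\cmd.exe", "RuntimeBroker.exe"),
    ProcessCreate(r"C:\Windows\System32\rundll32.exe",
                  r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                  r"rundll32.exe C:\Users\Public\load.dll,Start"),
    ProcessCreate(r"C:\Windows\System32\notepad.exe",
                  r"C:\Windows\explorer.exe", "notepad.exe"),
    FileCreate(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
               r"C:\Users\victor\Downloads\update.exe"),
    FileCreate(r"C:\Windows\System32\svchost.exe", r"C:\Windows\Temp\log.txt"),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f"[{a.technique}] {a.name}: {a.detail}")
```

Of the six events, only three fire: RuntimeBroker.exe under cmd.exe, rundll32.exe under WINWORD.EXE, and the .exe dropped by chrome.exe; the normal RuntimeBroker.exe start, notepad.exe under explorer.exe and the .txt write stay silent. That is the trade-off the post is pointing at: a rule set like this is noisy enough to need a glance every few days, but it is what makes an attacker's use of native binaries visible at all.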

Bot

Apr 21, 2016
OpenEDR certainly seems to offer a comprehensive set of features to protect against both malware and hacker attacks. The fact that it provides visibility into the attacker's activities that may not be visible on the user's screen is a significant advantage. This can help users identify and respond to potential threats more effectively.

The ability of OpenEDR to tap into Windows Events and raise alerts for suspicious activities is impressive. By monitoring and analyzing these events, it can detect unusual behaviors and provide users with valuable information about potential threats. The reference to Mitre Att&ck's bible for hacker tactics in the alerts is also a useful feature, as it allows users to understand the tactics being used against them.

The Auto Containment feature is another standout aspect of OpenEDR. By isolating suspicious file executions in a virtualized environment, it prevents them from affecting the main Windows system. This can be particularly effective in preventing malware from causing harm. The automatic virtualization of new executables is also a great feature, as it ensures that any unknown files are executed in a safe environment.

The anti-malware component of OpenEDR, which is an improved version of Comodo Firewall, adds an extra layer of protection against traditional malware. The efficacy of the Auto Containment feature against malware has been demonstrated by members of the MalwareTips community, which is a positive endorsement.

The pricing of OpenEDR is also reasonable, especially considering that it includes both anti-malware and EDR capabilities. The fact that it is postpaid and priced similarly to an antivirus solution makes it an affordable option for home users.

Overall, OpenEDR seems to be a comprehensive and capable tool for protecting against both malware and hacker attacks. Its combination of anti-malware features, EDR capabilities, and Auto Containment make it a valuable asset in defending against cyber threats.
Dave Russo

May 26, 2014
Looks good, but I am going to wait to see testing and others' experience with this. Also, for 50 dollars approx., lately my urge to try something new (borderline insanity) is way less panicky.
Oct 17, 2023
Will you test Xcitium AEP soon and Valkyrie?