- Oct 3, 2022
- 518
OpenEDR is an endpoint detection and response tool. It has anti-malware and anti-hacker capabilities. It is free for 30 days and it is only $4/month/pc postpaid.
An EDR is not necessarily only for enterprises. It becomes necessary when you are being hacked. That is because OpenEDR provides the visibility into the attacker's activities that are not visible on your screen.
It is true that EDR requires monitoring. But not unduly so. Checking every other day is fine (in my circumstances). Most of us glance at our anti-malware when there's nothing to do. When you are under attack you will want to check a little more frequently.
An EDR taps into Windows Events. And Windows logs Everything. And OpenEDR selects and raises alerts for you when anything suspicious is happening. For example, the RuntimeBroker.exe Windows component is usually started on demand by Windows itself, but if it was observed that it has been started manually, OpenEDR will raise an Alert for you. There is such a thing called Living off the Land binaries, which are native Windows .exe files which are used by hackers to do their bidding. OpenEDR knows about hacker tactics and activity patterns. And in its alerts, it gives a reference to MITRE ATT&CK's bible reference for hacker tactics.
OpenEDR has an Auto Containment feature. It will put any suspicious file executions into a virtualized environment where it cannot affect Windows. It also automatically virtualizes any new .exe files. So any malware or hacker tools will also run virtualized. Any file executions that are virtualized raise an alert. It has too many classes of alerts to mention; but to our MalwareTips readers, they will be interested in this: there is an alert named 'write to binary' which means new exe creation. This will alert you to most malware activities.
OpenEDR has an anti-malware component. OpenEDR is the latest incarnation of Comodo Firewall. It has stability and capability improvements. Long-time member @cruelsister has demoed the complete efficacy of its Auto Containment against malware here: App Review - Comodo Firewall 2024 Beta Setup and Test. And long-time video reviewer @Shadowra has her demo here: App Review - Comodo Firewall BETA 2024 (Modified Settings).
Anti-malware is generally useless against hackers, because hackers test their tools against common anti-malware vendors and modify their tools to evade signatures. But Auto Containment sets OpenEDR apart.
OpenEDR is free for 30 days. And its postpaid subscription price is reasonably priced for a home user; about the same as an antivirus. But you are also getting an EDR. You are not paying extra for a tool which you don't frequently use, so why not have the capability for when you Do need it.
And most MalwareTips users think automatically of malware when something is wrong, when actually they are really under a hacker attack. You cannot tell the difference unless you look into it. That's what an EDR enables you to do. Then you can take defensive actions. "What you don't know is what you don't know".
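To make the "EDR watches Windows events and raises an alert on anything unusual" idea concrete, here is an added toy example (not OpenEDR's code, data format, rule names or alert names, and written independently of the post above). It runs three rules of the kind the post describes over a handful of constructed Sysmon-style events: RuntimeBroker.exe started by something other than Windows, a Living-off-the-Land binary spawned by an Office application, and a new executable being written to disk (the post's "write to binary" case). The LOLBin list, the trusted-installer list and the MITRE ATT&CK technique ids attached to each alert are illustrative assumptions, not a vendor's mapping.

```python
"""Toy EDR-style alerting over constructed Sysmon-like events.

Constructed example: events, rule names and ATT&CK mappings are made up for
illustration; they are not OpenEDR's formats, rules or alert names.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Native Windows binaries often abused as Living-off-the-Land binaries (LOLBins).
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe",
           "wscript.exe", "cscript.exe", "bitsadmin.exe"}

# Office applications: a LOLBin spawned by one of these is a classic macro pattern.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# RuntimeBroker.exe is normally started on demand by Windows (a svchost.exe host).
RUNTIMEBROKER_EXPECTED_PARENTS = {"svchost.exe"}

# Processes allowed to create new executables without an alert (assumed installers).
TRUSTED_WRITERS = {"msiexec.exe", "trustedinstaller.exe"}

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")


@dataclass
class Event:
    event_id: int            # 1 = process create, 11 = file create (Sysmon numbering)
    image: str               # path of the process that caused the event
    parent_image: str = ""   # parent process path (event_id 1 only)
    target_file: str = ""    # file written (event_id 11 only)


@dataclass
class Alert:
    rule: str
    attack: str              # MITRE ATT&CK technique id (illustrative mapping)
    detail: str


def basename(path: str) -> str:
    """Case-insensitive file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rule_runtimebroker_manual(ev: Event) -> Optional[Alert]:
    """RuntimeBroker.exe launched by something other than Windows itself."""
    if ev.event_id == 1 and basename(ev.image) == "runtimebroker.exe" \
            and basename(ev.parent_image) not in RUNTIMEBROKER_EXPECTED_PARENTS:
        return Alert("RuntimeBroker started manually", "T1204",
                     f"parent={basename(ev.parent_image)}")
    return None


def rule_lolbin_from_office(ev: Event) -> Optional[Alert]:
    """A LOLBin spawned by an Office application (macro-style proxy execution)."""
    if ev.event_id == 1 and basename(ev.image) in LOLBINS \
            and basename(ev.parent_image) in OFFICE_APPS:
        return Alert("LOLBin spawned by Office", "T1218",
                     f"{basename(ev.parent_image)} -> {basename(ev.image)}")
    return None


def rule_write_to_binary(ev: Event) -> Optional[Alert]:
    """A new executable written by a process that is not a trusted installer."""
    if ev.event_id == 11 and ev.target_file.lower().endswith(EXECUTABLE_SUFFIXES) \
            and basename(ev.image) not in TRUSTED_WRITERS:
        return Alert("Write to binary", "T1105",
                     f"{basename(ev.image)} wrote {ev.target_file}")
    return None


RULES: list[Callable[[Event], Optional[Alert]]] = [
    rule_runtimebroker_manual, rule_lolbin_from_office, rule_write_to_binary]


def evaluate(events: Iterable[Event]) -> list[Alert]:
    """Run every rule over every event; return the alerts raised, in event order."""
    alerts: list[Alert] = []
    for ev in events:
        for rule in RULES:
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


# Constructed sample telemetry (not real logs): two benign process starts,
# two suspicious ones, one installer write and one script-host write.
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\System32\RuntimeBroker.exe", r"C:\Windows\System32\svchost.exe"),
    Event(1, r"C:\Windows\System32\RuntimeBroker.exe", r"C:\Windows\System32\cmd.exe"),
    Event(1, r"C:\Windows\System32\mshta.exe", r"C:\Program Files\Microsoft Office\WINWORD.EXE"),
    Event(1, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe"),
    Event(11, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          target_file=r"C:\Users\Public\update.exe"),
    Event(11, r"C:\Windows\System32\msiexec.exe", target_file=r"C:\Program Files\App\app.exe"),
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"[{a.attack}] {a.rule}: {a.detail}")
```

Run as-is it prints three alerts for the six sample events. The point worth noticing is that none of the three rules looks at the content of a file or a signature: each one keys on context (who started what, who wrote what), which is why this kind of telemetry still fires when the tool itself has been modified to slip past anti-malware.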