Question Should I use Trellix endpoint security or Xcitium open edr?

[Xeno1234]

Files from 73 formats and up to 50 MB are sent to the cloud where they are opened and behaviour is examined. To do that, Check Point uses resistant sandboxes connected to the internet (they do all sorts of things like mimicking user activity as well) and then it uses various engines such as Yara rules on process memory, CADET, Bitdefender, Office Macro engines, CPU-level detection, Intel TDT, IPS and others to produce a verdict.

https://support.checkpoint.com/results/sk/sk95235

oh cool. Is it similar to like Kaspersky Sandbox

 

[Xeno1234]

I currently have a trial of Kaspersky EDR but its not setup or anything its just the security product which sucks cause I want Kaspersky Sandbox really badly

 

[Trident]

I currently have a trial of Kaspersky EDR but its not setup or anything its just the security product which sucks cause I want Kaspersky Sandbox really badly

What's so special about Kaspersky sandbox that others like Hybrid Analysis or Joe Sandbox lack?

 

[Xeno1234]

What's so special about Kaspersky sandbox that others like Hybrid Analysis or Joe Sandbox lack?

Idk its just cool to have it on the system

 

[Sandbox Breaker - DFIR]

That was me.

 

[Trident]

That was me.

What was you?

 

[Sandbox Breaker - DFIR]

I was the guy who objected a Valkyrie verdict when they said it's safe.

 

[Victor M]

I have a question about EDRs. If they have pretty diagrams on a piece of malware, then they could have killed it. Why bother giving us diagrams?

 

[Trident]

I have a question about EDRs. If they have pretty diagrams on a piece of malware, then they could have killed it. Why bother giving us diagrams?

They’ve killed it. The diagram is for you to understand the attack and take the appropriate measures to avoid it in the future.

 

[Victor M]

Attackers are using old versions of Process Explorer driver to evade EDRs

‘AuKill’ EDR killer malware abuses Process Explorer driver

Driver-based attacks against security products are on the rise

news.sophos.com

 

[Victor M]

2 other ways to bypass EDRs

Organizations are spending billions on malware defense that’s easy to bypass

Two of the simplest forms of evasion are surprisingly effective against EDRs.

arstechnica.com

Found by asking Bing Chat.

 

[Xeno1234]

2 other ways to bypass EDRs

Organizations are spending billions on malware defense that’s easy to bypass

Two of the simplest forms of evasion are surprisingly effective against EDRs.

arstechnica.com

Found by asking Bing Chat.

Kaspersky go crazy though and probably detect it ong

 

[NormanF]

No EDR can withstand a determined attacker. Then again no security tool can offer 100% protection. Make regular backups, download them and store hard copies offsite.

If your critical data or work gets encrypted, that way you can recover it with little to no effort. One would be a fool to put all of one's eggs in a single basket.

 

[likeastar20]

I currently have a trial of Kaspersky EDR but its not setup or anything its just the security product which sucks cause I want Kaspersky Sandbox really badly

Post some pics of the Kaspersky Sandbox in action

 

[NormanF]

Post some pics of the Kaspersky Sandbox in action

If you neeed a sandbox and an application control product, you could get it for free with ReHIPS.

 

[Xeno1234]

If you neeed a sandbox and an application control product, you could get it for free with ReHIPS

I dont see it being a sandbox but I see hips. But I use Kaspersky, so I think its fine.

 

[Xeno1234]

Unless Kasperskys HIPS/Application Control doesnt protect your system

 

[NormanF]

I dont see it being a sandbox but I see hips. But I use Kaspersky, so I think its fine.

Its a sandbox and will run apps isolated unless you decline.

 

[Xeno1234]

Its a sandbox and will run apps isolated unless you decline.

I perfer Kaspersky though cause it detects malicious stuff in its sandbox and has the best detection engine of av's

 

[Xciting]

So ye i went back to trellix from xcitium so now i found an unmanged client of symantec endpoint protection and can anyone tell me which is better in terms of protection?