App Review Xcitium Advanced with OpenEDR Combined

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,309
Xcitium is the enterprise brand of American solution provider Comodo.
I was going to make 2 separate versions, but the solution let me install their EDRs, so I decided to combine them together.
Let's see if it keeps its reputation or not...



Interface: 10/10

The interface is clearly that of the consumer version of Comodo!
On the other hand, there's no choice of configuration by profile: everything is done via the admin console.
The profiles are pretty well designed, but for this test, we're using a custom profile created by @Nikola Milanovic.
The software is relatively light, but I did notice a fairly high level of Internet consumption (Valkyrie?).

Protection: 10/10 Web / Fake crack: 1/1 Malware Pack: Remaining 318 out of 485 - PC clean

Xcitium still boasts a relatively weak anti-malware engine, and that hasn't changed...
But it has other trump cards!
A high-performance Sandbox, an impeccable defense system, but where I was surprised was VirusScope, which has made great progress, especially on scripting and injections!
All that's left is to improve the anti-malware. We've seen the Cloud react in Heuristics several times on Worms, so I think it's on the right track.


Result:
Xcitium: 0
NPE: 0
KVRT: 0 (the rest are in Edge's cache, sandboxed by the antivirus, I don't count them)

Recommend: Yes
System Clean: PC clean

@Nikola Milanovic request
 
Oct 17, 2023
69
Xcitium Verdict Cloud (Valkyrie) is a cloud-based file analysis platform that tests files using static analysis, dynamic analysis and other precise detectors to identify those that are malicious; they also have human expert analysts watching 24/7.
 

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
380
If you are evaluating Xcitium / OpenEDR, pay close attention to Web Console: Dashboard > Service > Endpoint > click on the Total Alerts number. The alerts are Really Good. They give a process verdict, the execution tree, and a techniqueID, which is a googleable reference number to MITRE ATT&CK saying why the alert is suspicious.

So far, I have tested BitDefender EDR and Kaspersky EDR Optimum.

BitDefender EDR does not seem to detect or stop network attacks. I gave up on them. There's a reason why they did not participate in AV-Comparatives APT tests. However, to be fair to BitDefender, it, like OpenEDR, does not notice any network attacks. But OpenEDR has Auto Containment, which virtualizes any suspiciously invoked exe (native to Windows or not). And that is what gives OpenEDR the advantage. BitDefender's saving grace is that its process trace diagram gives a lot of detail, and lists any registry keys that were modified. However, its default alert rules are close to non-existent: you have to specify a search term to define an alert rule, and then it will show you the process trace diagram. I only had 3 alert rules defined: powershell, cmd, and a LoL Bin favorite of my red team. BitDefender then displayed the possible attack, and although it did not indicate a network attack is in progress, you Will notice that, for example, powershell does not have that process tree when you normally start it, and that this invocation of powershell is some funny business.

Kaspersky EDR stops some network attacks by my red team. But it does not report them. Even when I especially made an Application Control > Block rule to block execution of a LoL Bin, it only pops up a notification on the client PC, and Does Not raise an Alert on the web console. So if you missed the notification, there is No Trace of the attack. And Kaspersky EDR Optimum does not have an Investigation console panel, so you can't search for past events. Sad.

The sole remediation action of BitDefender EDR and Kaspersky EDR Optimum is the same: block it. However, note it is not possible to block common Windows tools, because you would be locking out all users' invocation of the tool.
 
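As an added illustration (not part of Victor M's post, and not any vendor's code): a toy version of the search-term alert rule he describes, run over constructed process-start events, where the execution tree rather than the process name decides the verdict and each alert carries an ATT&CK technique id. The event schema, the rule table, the "document app as ancestor" heuristic and rundll32.exe as a stand-in for his undisclosed LOLBin are all my assumptions.

```python
import json

# Constructed process-start events (invented for this example; not a real EDR schema).
SAMPLE_EVENTS = [
    {"pid": 912,  "ppid": 0,    "image": "wininit.exe"},
    {"pid": 4101, "ppid": 912,  "image": "explorer.exe"},
    {"pid": 4120, "ppid": 4101, "image": "powershell.exe"},  # user-opened shell: normal tree
    {"pid": 5002, "ppid": 4101, "image": "winword.exe"},
    {"pid": 5010, "ppid": 5002, "image": "cmd.exe"},         # a document app spawning a shell
    {"pid": 5011, "ppid": 5010, "image": "rundll32.exe"},    # LOLBin launched from that shell
]

# Search-term rules as in the review (powershell, cmd, one LOLBin), each tagged with
# the ATT&CK technique id that an alert would reference. rundll32.exe is an assumption.
RULES = {
    "powershell.exe": "T1059.001",
    "cmd.exe": "T1059.003",
    "rundll32.exe": "T1218.011",
}
# Ancestors that make a shell/LOLBin launch look wrong (assumed heuristic).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}


def execution_tree(events, pid):
    """Ancestor chain root..pid as image names; cycles or missing parents end the walk."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def evaluate(events):
    """Match every event against RULES; verdict comes from the full tree, not the name."""
    alerts = []
    for e in events:
        technique = RULES.get(e["image"].lower())
        if technique is None:
            continue
        tree = execution_tree(events, e["pid"])
        odd_parentage = any(img.lower() in DOCUMENT_APPS for img in tree[:-1])
        alerts.append({"pid": e["pid"], "technique_id": technique,
                       "verdict": "suspicious" if odd_parentage else "informational",
                       "tree": tree})
    return alerts


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_EVENTS), indent=2))
```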