Xcitium Advanced with OpenEDR Combined
Victor M (post 1067633) wrote:

If you are evaluating Xcitium / OpenEDR, pay close attention to Web Console: Dashboard > Service > Endpoint > click on Total Alerts number. The alerts are Really Good. They give a process verdict, the execution tree, and a techniqueID which is a googleable reference number to Mitre Att&ck, saying why the Alert is suspicious.

So far, I have tested BitDefender EDR and Kaspersky EDR Optimum.

BitDefender EDR does not seem to detect or stop network attacks. I gave up on them. There's a reason why they did not participate in AV-Comparatives APT tests. However, to be fair to BitDefender, it, like OpenEDR, does not notice any network attacks. But OpenEDR has Auto Containment, which virtualizes any suspiciously invoked exe (native to Windows or not). And that is what gives OpenEDR the advantage. BitDefender's saving grace is that its process trace diagram gives a lot of detail, and lists any registry keys that were modified. However, its default alert rules are close to non-existent; you have to specify a search term to define an Alert rule, and then it will show you the process trace diagram. I only had 3 alert rules defined: powershell, cmd, and a LoL Bin favorite of my red team. And BitDefender then displayed the possible attack; although it did not indicate a network attack is in progress, you Will notice that, for example, powershell does not have that process tree when you normally start it, and that invocation of powershell is some funny business.

Kaspersky EDR stops some network attacks by my red team. But does not report them. Even when I especially made an Application Control > Block rule to block execution of a LoL Bin, it only pops up a notification on the client PC, and Does Not raise an Alert on the web console. So if you missed the notification, there is No Trace of the attack. And Kaspersky EDR Optimum does not have an Investigation console panel, so you can't search for past events. Sad.

The sole remediation action of BitDefender EDR and Kaspersky EDR Optimum is the same: block it. However, note it is not possible to block common Windows tools, because you will be locking out all users' invocation of the tool.