Free EDR for enterprises

The details of the v0.8.0 release are as follows:

  • Deployment of the agent on multiple endpoints through GPO (Group Policy Object) is now available.
As a product manager, I wanted my product to be deployable through GPO. The reasoning is that this would accelerate the deployment process for environments with a large number of endpoints and hence lead to an improved overall user experience.
  • Valkyrie Report Request link has been added on the “detection page”
Being Comodo’s reputable cloud-based analysis application tool, Valkyrie would be very helpful for EDR in giving verdicts for unknown events. Thanks to the accurate and fast nature of Valkyrie, EDR users are now able to request a Valkyrie report for detections. Of course, this required development effort in aligning user licences for EDR and Valkyrie, as well as in visualizing what was provided to us by the Valkyrie team.
  • Visual Improvements have been accomplished
The event details table has been visually modified to lessen users’ efforts to analyze what is happening in their environment. The table has been divided into two blocks, one showing the event-specific attributes and the other showing general ones. Another visual improvement has been made to lessen user efforts to analyze “Event Search Results”. As the product manager, my vision was to give users a better, more thorough experience without having to scroll left/right and up/down the screen. Also, a tooltip has been added to see the details of a value located in the table.
  • Process Timeline Visualization (PoC cont’d)
The visual development team has been working relentlessly for the last two sprints to find an answer to “How do we give our users the best process timeline visualization in the market?” and they are coming to an end. New designs are being evaluated and worked on. Proof of Concept studies have been successfully completed. So the best process visualization in the market is around the corner for upcoming releases.

Last but not least, like prior to any other release, formal, regression and automation tests have been run to ensure the best product is released. However, feel free to inform us on any issues you face or any suggestions regarding your EDR experience. We’d be more than happy to receive your feedback.

Hi @dittoit
Thank you for the above post. We will go ahead and forward your concern about the unsigned drivers to the proper channel.

Hi @dittoit ,

These problems had already been noticed prior to your posting and so were immediately delegated to the related people. Luckily, the problems seemed to occur due to minor issues which have been solved right away. The only thing left before publishing the revision is to test the fixes thoroughly to ensure the problems won’t ever happen again. I will post here when the tests are finished.

We sincerely appreciate your feedback.

Hi, I have redownloaded the new agent, it seemed to install (no errors) but it’s not showing in the portal?

James.

Hi James,

A similar situation has been reported to us by a few users. I recommend a restart after installation, which BTW we want to eliminate from the installation process in the near future.

Alphan

Hi, a reboot was performed as requested, portal is still empty.
James

Are we talking about Windows 7 or 10?
Alphan

Windows 10

I assume you’ve already done the registry key updates during the installation (?)

Hi, yes 64bit, tried a repair on the install too. Still not showing.

Could you please send me the registry keys so that I could check if they are OK?

alphan.erten@comodo.com

Thanks

You should check Xcitium EDR Help Guide for various documentation regarding the product.

Deployment through GPO is possible for the time being. Writing scripts for installation might be considered for future as we seriously think about importing some ITSM capabilities.

Is this product now compatible with CCS ?

Hi @chales
We received word that a user was able to install EDR alongside ITSM+AEP though EDR is considered redundant already alongside AEP.

Hi there,

I enclose a very informative deployment guide for those of you who are wondering if it is possible to deploy EDR on multiple machines through Group Policy Object (GPO).

If you haven’t yet checked out the Xcitium EDR Help Guide, I strongly recommend you take a look. This is the address where you can follow up on EDR’s technical documentation.

Have a good day.

Comodo_EDR - Deploy AD agent.pdf (358 KB)

Can this safely be run with ITSM without impacting the user’s experience of their machine?

Hello,

I take this opportunity to announce to you that the v0.9.0 release just made its debut.

The details are as follows:

Process Timeline Visualization Update

As a product manager, I strongly believe that an EDR tool is as good as its visualization capabilities. That being said, one of the very important topics of our roadmap was to build an unrivalled process timeline which will give every detail of an event sequence without sacrificing performance and creating fuss. However, when it comes to user experience, it is not always easy to hit the bull’s-eye at the very first shot. Besides, it is always helpful to listen to other people’s thoughts for perfection.

We think the process timeline visualization that this release offers is one of the industry’s best in terms of the amount of “neat” and “actionable” information it contains. Furthermore, we also provide a tree view to clearly see the hierarchy.

Hash Search Visualization Update

The hash search function of Comodo EDR allows users to track a hash along its way in an environment. To be more specific, the hash search screen provides users with a wide range of information regarding a process hash. Namely, attributes related to it such as “first seen”, “last seen”, file history and its trajectory in the environment are given in this screen. However, we thought it would be great if we had a superb visualization of that data. Hard work pays off with the visualization tools of this release.

Performance and Overall Improvements

Last but not least, other improvements we could make for this release were to improve the overall system performance and overcome the compatibility issues. In this sense, our database query structures have been revised to provide users the fastest results. It is hard to give an exact figure on the performance increase, but an average user experiences queries more than twice as fast with the new structure. Also, the reported “signed driver” compatibility issues have been addressed and solved.

I hope your EDR experience will be taken one step further.

Alphan Erten, MBA, MSc.
Product Manager
s: alphanerten

Is EDR now compatible with CCS @Alphan ?

Yes it is fully compatible with CCS.

A batch script should be added to the agent zip file to automate the process of installation, registry key addition and restart the endpoint afterwards. This way, all the admin has to do would be to run the script and interact with the installation process.