Open Source EDR Security Platform - Latest posts

Not free edition?

@apacer — Wed, 24 Dec 2025 21:22:06 +0000

Hello
I’m old home user of CIS and enjoy Containment feature.

Could you explain which features of OpenEDR is free for up to 50 devices?
Free edition/license only includes reporting? or the client’s agent provides actual protection like CIS (detection and containment)?
With fully self hosted OpenEDR the 50 devices limitation could be bypassed and still use detection and containment?

Thank you

I downloaded OpenEDR and downloaded all these security features because it said you are not protected I downloaded it and it restarted my computer and now I get an error

@Trindined Peters — Wed, 22 Oct 2025 00:50:30 +0000

The error is “IRQL_IS_NOT_LESS_OR_EQUAL what failed ntoskrnl” and it’s in a endless loop of doing that every startup can’t even get to my login

Openedr not detecting malware

@ilgaz Ilgaz Yücecengiz — Mon, 20 Oct 2025 11:09:20 +0000

hi @onyi , just to confirm, are you using OpenEDR Platform? If so, could you please share your use case:

file hash that you used to test
OpenEDR alert configuration

We will then be able to analyze the issue and get back to you as soon as possible.

Thank you for your cooperation.

Best,
OpenEDR team

Openedr not detecting malware

@onyi — Sat, 11 Oct 2025 11:59:46 +0000

I have installed the edr agent on the endpoint and did all the set up on the platform. Needed to test it by downloading multiple eicar test files, however the edr does not detect the file. No alert fired or displayed. I saw that this was reported in 2024 l, however the guide shared does not solve the issue. It is also hard to follow as this does not tally with the current platform. I will appreciate some pointers to get this work.

Cloud-Based EDR Doesn't Work?

@nivedithab Niveditha Balakrishnan — Mon, 24 Mar 2025 08:14:20 +0000

hi @zerox024

could you please share error screenshots which you are receiving

Cloud-Based EDR Doesn't Work?

@zerox024 — Fri, 07 Mar 2025 07:40:52 +0000

Hi,

I’am using cloud-based edr solution and install agent on my test win10 machine. But i cant catch critcal edr events. For test, i’am open cmd and type some command but never catch that actions. I’m check policys, agent and pc all of them working. Just i see “Set Registry Value,Write File,Network Connection, Network Listen, Delete Registry Key” logs but when i’m install malware for test and detect. Never catch this crtical edr events on dashboard.

Where am I doing wrong? Please help.

OpenEDR has launched the OpenEDR Academy

@melih melih — Wed, 26 Feb 2025 16:27:19 +0000

Exciting news for the academic community!

OpenEDR has launched the OpenEDR Academy – a free, cutting-edge learning platform designed to empower lecturers and students in mastering Endpoint Detection and Response (EDR) technologies.

For Lecturers:

Comprehensive Resources – Access labs, case studies, and real-world scenarios to enrich your curriculum.
Free for Educators – Integrate industry-leading tools into your courses at no cost.
Collaborative Tools – Easily manage student progress and projects within the platform.

For Students:

Practical Learning – Engage with real-world EDR tools and scenarios to build hands-on skills.
Flexible Learning – On-demand modules tailored to fit your schedule.
Certifications – Earn badges and certificates to showcase your expertise to future employers.

By joining OpenEDR Academy, you’re not only enhancing your cybersecurity knowledge but also becoming part of a global community of learners, educators, and experts.

This initiative bridges the gap between academic learning and industry demands, ensuring the next generation of cybersecurity professionals is well-equipped to tackle emerging threats.

Don’t miss out! Join OpenEDR Academy today and be at the forefront of cybersecurity education.

Learn more & sign up here

Enable Email Notifications Error

@Brains93 — Wed, 20 Nov 2024 08:17:01 +0000

Hi, Thanks that worked. There still seems to be an issue with alerts not triggering an email but I have emailed the support line you mentioned.
Thanks for the help

Enable Email Notifications Error

@nivedithab Niveditha Balakrishnan — Thu, 14 Nov 2024 15:43:12 +0000

hi @Brains93

have you retried adding the email after relogin to portal with history clear , if you are facing the issue again , request you to drop email to [email protected] along with all screenshots and details and our backend team will investigate the same from their side

Enable Email Notifications Error

@Brains93 — Tue, 12 Nov 2024 17:29:02 +0000

In the EDR platform when I attempt to add an email notification to alerts using the cog in the top right I get a generic error saying “Unable to add email!”

Is anyone else getting this error?

How to generate the configuration file for cloud services?

@ilgaz Ilgaz Yücecengiz — Thu, 17 Oct 2024 12:44:17 +0000

hi @yfl , can you please confirm whether if you are using OpenEDR Platform (cloud) and not the on-premise version from GitHub?

If so, the agent you downloaded from GitHub is dedicated to on-premise installation, and not for cloud version.

How to generate the configuration file for cloud services?

@yfl deep-learning — Wed, 16 Oct 2024 11:18:09 +0000

When downloading EDR from the openEDR platform, the system did not respond. Therefore, I downloaded edrAgentV2 from GitHub. However, when executing it, the connection to the server failed, and the log displayed the following messages:

ERRERRERR 0xE0010001 - Invalid argument
(The is not specified)
ERRERRERR 0xE0010004 - Type error
(Can’t get String value from Variant with Null)

I suspect there is an issue with the configuration file evm.cloud.src.
WRNWRNWRN Configuration file is missing. It is being repaired using the specified action.
How can I resolve this? How is the evm.cloud.src file generated?

EDR not picking up anything

@nivedithab Niveditha Balakrishnan — Wed, 02 Oct 2024 16:47:36 +0000

hi @TheThMando

please mention you account admin email details and that you have enabled the remote access control along with the issue device name to our support team [email protected] to assist you further with the issue.

thank you

EDR not picking up anything

@TheThMando — Wed, 02 Oct 2024 14:49:21 +0000

Dear @nivedithab,

I’ve the same issue. The EDR doesn’t capture the ProcessCreate events; I see only the WriteFile events on the endpoint.

Finally, using the old portal version, I enabled the Remote Access Support. The device that has this issue is named windows10.

King regards.

EDR not picking up anything

@nivedithab Niveditha Balakrishnan — Fri, 20 Sep 2024 10:12:51 +0000

hi @KEDR

to further investigate the reported issue, our support team need the local logs from one of the affected endpoints.

If you wish us to collect the endpoint logs from our side, please let us know the name of the affected device and make sure Remote Access Support is enabled under Management > Account > Remote Access Support ( Xcitium Remote Access Support, Xcitium, Xcitium ). You may also find the necessary steps listed in the attached document. After this option is enabled, provide us with the name of the affected device on Endpoint Manager portal.
If you do not wish to provide us with remote access, and if the device communicates with the Xcitium Platform, run the the predefined procedure “Collect Comodo One logs using new CIS report tool” on the affected device - do not forget to provide us with the name of the device so we can identify the output on our side. However, if the device does not communicate with the Xcitium Platform, please download and run the following report tool on the affected device: https://download.comodo.com/cis/download/installs/cisreporttool/cisreporttool.exe . The tool collects both XCC & XCS logs and attempts to upload them to our SFTP (Device name is included in the name of the output). To be able to to identify the logs on our side, please provide us with the local name of the device to our support team [email protected] to assist you further with the issue.

thank you

EDR not picking up anything

@KEDR Kevin — Thu, 19 Sep 2024 19:44:12 +0000

Hi @nivedithab

thank you for the guide.
Unfortunately the problem still exists. The device is enrolled with the EDR Agent.
The only thing i can in see are some Write File Events.

Any ideas why no alerts are generated or why i can not see anything else?

EDR not picking up anything

@nivedithab Niveditha Balakrishnan — Thu, 19 Sep 2024 13:25:27 +0000

hi @KEDR

Please find the below guide which helps you with EDR set up

EDR not picking up anything

@KEDR Kevin — Wed, 18 Sep 2024 18:08:31 +0000

Hello,

I wanted to try OpenEDR for personal use. I created an account, onboarded my machine and installed the EDR component. My problem now is that EDR is not picking up anything. There are no information about anything.

I have tried to download the Eicar file to test the detection, but as I said… Nothing.
I followed the video, but it is not really working for me: https://www.youtube.com/watch?v=lfo_fyinvYs&ab_channel=Xcitium

Can anyone help me out? Are there any prerequisites?

How to forwarder logs from openedr externally

@Nabbit Paul — Wed, 14 Aug 2024 06:16:50 +0000

I assume if it’s locally hosted you can export what you want from Elastic, correct?

CMMC compliance

@mandela6996 Saifulnizam Sarif — Wed, 14 Aug 2024 02:22:50 +0000

Hi,
I am using CIS Security Control and also CIS RAM.

EDR free for unlimited devices or just first 50?

@mandela6996 Saifulnizam Sarif — Wed, 14 Aug 2024 02:21:14 +0000

Bro,
Damn I also receiving the bill for asset 501 and above. I thought it was free all the way.

Using Cloud Console Locally and Agent Connectivity

@Maze Nour — Thu, 08 Aug 2024 01:04:16 +0000

Thank you so much for your detailed response!

Using Cloud Console Locally and Agent Connectivity

@ilgaz Ilgaz Yücecengiz — Wed, 07 Aug 2024 14:33:39 +0000

hi @Maze ,

1- Open EDR Cloud console cannot be run locally (on-premise), however, you may deploy your own instance where you will have to do the configuration and deploy rules for EDR. Here is how you can deploy your own instance.

github.com

ComodoSecurity/openedr/blob/main/getting-started/InstallationInstructions.md

# Installation Instructions
OpenEDR is a single agent that can be installed on Windows endpoints. It generates extensible telemetry data for overall security-relevant events. It also uses file lookup, analysis, and verdict systems from Comodo, https://valkyrie.comodo.com/. You can also have your own account and free license there.

The telemetry data is stored locally on the endpoint itself. You can use any log streaming solution and analysis platform. Here we will present, how can you do remote streaming and analysis via open source tools like Elasticsearch ELK and Filebeat.

## OpenEDR:
OpenEDR project will release installer MSI’s signed by Comodo Security Solutions, The default installation folder is C:\Program Files\OpenEdr\EdrAgentV2

The agent outputs to C:\ProgramData\edrsvc\log\output_events by default, there you will see the EDR telemetry data where you should point this to Filebeat or other log streaming solutions you want. Please check following sections for details

## Docker and Docker Compose:
Docker is widely known virtualizon method for almost all environments you can use use docker for installing Elasticsearch and Log-stash to parse and more visibiltiy we used Docker to virtualize and make an easy setup process for monitoring our openedr agent. You can visit and look for more details and configure from https://github.com/docker


## Logstash:
Logstash is an open-source data ingestion tool that allows you to collect data from a variety of sources, transform it, and send it to your desired destination. With pre-built filters and support for over 200 plugins, Logstash allows users to easily ingest data regardless of the data source or type. We used Logstash to simplify our output to elasticsearch for more understandable logs and easily accessible by everyone who uses openedr and this example. You may visit and configure your own system as well https://github.com/elastic/logstash

## Elasticsearch:
There are multiple options to run Elasticsearch, you can either install and run it on your own machine, on your data center, or use Elasticsearch service on public cloud providers like AWS and GCP. If you want to run Elasticsearch by yourself. You can refer to here for installation instructions on various platforms https://www.elastic.co/guide/en/elasticsearch/reference/current/install-elasticsearch.html

This file has been truncated. show original

2- Open EDR Cloud console has monitoring capability for such cases. You may configure ping monitor such that it detects if a device is offline more than x minutes, it creates an alert so that you can check what is happening.

Using Cloud Console Locally and Agent Connectivity

@Maze Nour — Wed, 07 Aug 2024 13:50:24 +0000

Hello everyone,

I’m seeking some clarity on a couple of topics related to cloud console usage and agent connectivity. I hope someone can help me understand the following:

Using Cloud Console Locally:
Is it possible to use the console designed for cloud environments locally? For instance, if a company prefers not to use the cloud console and wants to operate it within their local infrastructure, can this be achieved? What are the steps or requirements for this setup?
Agent Connectivity Issues:
What happens if an agent loses its internet connection? Will the agent still be able to communicate and function properly? If not, what measures can be taken to ensure minimal disruption in such scenarios?

Thank you in advance for your assistance!

Is there a Linux client suppoted?

@nivedithab Niveditha Balakrishnan — Wed, 31 Jul 2024 13:28:08 +0000

hi @mcdull

apologies , as of now we are not supporting the ARM processor , we are working on it and shall provide update once it is available.

thank you

Is there a Linux client suppoted?

@mcdull — Wed, 31 Jul 2024 03:02:35 +0000

I have deployed to some linux endpoints, but seeing error on my arm64 ubuntu. Any plan to support arm64 cpu in addition to x86-64? Thanks.

CMMC compliance

@cbriere Chris Briere — Wed, 24 Jul 2024 15:12:37 +0000

@ozer this is extremely helpful, thank you!

Chris

CMMC compliance

@ozer Ozer — Wed, 24 Jul 2024 02:09:20 +0000

OpenEDR is open source and self hosted so previous comment about “hosted on Fedramp Servers” is wrong.

With OpenEDR, you can easily cover following Controls stated by CMMC. These are mapped to CMMC 1.0 but we will release another mapping for CMMC 2.0

“C009
Identify and protect audit information”
“C010
Review and manage audit logs”
“C017
Detect and report events”
“C018
Develop and implement a response to a
declared incident”
“C019
Perform post incident reviews”
“C020
Test incident response”
“C023
Protect and control media”
“C031
Identify and evaluate risk”
“C037
Implement threat monitoring”
“C040
Control communications at system
boundaries”
“C041
Identify and manage information system flaws”
“C042
Identify malicious content”
“C043
Perform network and system monitoring”

CMMC compliance

@cbriere Chris Briere — Tue, 23 Jul 2024 12:44:10 +0000

@nivedithab thank you for the information.

Chris

CMMC compliance

@nivedithab Niveditha Balakrishnan — Tue, 23 Jul 2024 12:05:48 +0000

hi @cbriere

Open EDR is hosted on Fedramp High compliant servers
Open EDR uses FIPS validated encryption

CMMC compliance

@nivedithab Niveditha Balakrishnan — Mon, 22 Jul 2024 20:46:52 +0000

hi @cbriere

I will check with the concern team on this and get back to you.

thank you

Hotfix Release Notes of OpenEDR Platform (June 13, 2024)

@melih melih — Mon, 22 Jul 2024 13:41:12 +0000

with all the Crowdstrike saga, having a proper open source EDR where we don’t mess with the kernel and effectively bypass the EV guidelines. Its crazy that any enterprise would use a product that hacks the kernel using this method, simply CRAZY!

CMMC compliance

@cbriere Chris Briere — Mon, 22 Jul 2024 13:00:37 +0000

Hello all,

I am new to OpenEDR and I must say, it is a fantastic tool thus far! I am wondering if anyone here is using this product to align with CMMC compliance? We are currently in the “Self Assessment” phase and are evaluating this product to check the boxes for some of the compliance requirements. Just looking for any information, guidance relating to the compliance peice.

Thanks,
Chris

Hotfix Release Notes of OpenEDR Platform (June 13, 2024)

@cbriere Chris Briere — Mon, 22 Jul 2024 12:54:23 +0000

New UI revisions look fantastic! I am new to OpenEDR and you folks are an amazing crew! I can’t wait to contribute.

Chris

Unable to Reinstall Xcitium on MacOs

@nivedithab Niveditha Balakrishnan — Sun, 14 Jul 2024 19:18:12 +0000

hi @gelo

. In order for us to understand the issue better and to find the root cause of the issue, we request you to provide some additional information.

Please confirm the version of the Client Security, and Communication client you’re trying to install.
Please let us know whether you have updated the APN certificate in the platform.
If the APN certificate is not updated in the portal, please refer to this help guide and update them: Add Apple Push Notification Certificate, iOS SSL Certificate, Endpoint Manager
Check if there is any other 3rd party security software installed on the machine.
Check if there are any other MDM profiles installed on the machine. If yes, please remove them from the Profiles and then proceed with the installation again on the macOS machine.

Also, we request you to go through the below help article which explains how to add macOS devices to Endpoint Manager.
https://wiki.xcitium.com/frontend/web/topic/how-to-enroll-mac-os-x-devices-to-endpoint-manager

Looking forward to your reply.

Unable to Reinstall Xcitium on MacOs

@gelo — Fri, 12 Jul 2024 11:04:53 +0000

Im having problem reinstalling the agent to MacOS. I uninstall the initial one as i created new APN for apple push certificate. But unfortunately , upon reinstalling the Xcitium on mac its unable to proceed.

I have tried as well the removing the APN configuration yet still unable to reinstall. Also removed the application on MacOs as well. please see below error message.

Hotfix Release Notes of OpenEDR Platform (June 13, 2024)

@ilgaz Ilgaz Yücecengiz — Thu, 13 Jun 2024 07:17:59 +0000

Hello Everyone,

We would like to inform you about a scheduled hotfix release for Open EDR Platform, which will take place on June 13th. The deployment is expected to last approximately 1 hour. During this period, we do not anticipate any disruptions to the portal. If you observe any issues after the release, please feel free to share them with us.

The release schedule was implemented as follows:

For the US and the EU regions, on Thursday, 2024-06-13T07:00:00Z UTC

Please check the release notes that are marked by the new release!

Open EDR Platform June Hotfix Release (June 13, 2024)

OpenEDR Platform

IMPROVEMENTS

OpenEDR Platform is completely revamped so that it allows users to easily find the exact feature and functionality at a glance.

“Endpoint Security” under Security is now renamed as “Endpoint Zero Trust (EPP + EDR + ZD)” – mentioning about every single unique feature of OpenEDR where it provides Unified Zero Trust for endpoints
Old UI:

New UI:
“Investigate” submenu is renamed as “EDR” – where the users will now understand where exactly to look about EDR telemetry.
Old UI:

New UI:
“Blocked Threats” is renamed as “Blocked Threats (NGAV)
Old UI:

New UI:
“Quarantined Threats” is renamed as “Quarantined Threats (NGAV)
Old UI:

New UI:
“Contained Threats” is renamed as “Contained Threats (ZD)” – implying that this section shows how Xcitium is protecting your endpoints against “unknown” malware thanks to its patented “Zero Dwell” Containment technology.
Old UI:

New UI:
“HIPS Events” is renamed as “HIPS Events (EPP)” .
Old UI:

New UI:
“Firewall Events” is renamed as “Firewall Events (EPP)”.
Old UI:

New UI:
“Data Loss Prevention” is renamed as “DLP Configuration” and moved under “Endpoint Zero Trust (EPP + EDR + ZD)” section
Old UI:

New UI:
“Data Loss Prevention” is renamed as “DLP Events”
Old UI:

New UI:
“Cloud Security under Security menu is now renamed as “Cloud Security – Zero Trust” , and moved up under Endpoint Zero Trust
Old UI:

New UI:
“Cloud Assets” and “Cloud Workloads” sections under Assets menu are now relocated under “Cloud Security – Zero Trust”. This helps user to see/manage everything related to cloud under single pane of glass.
Old UI:

New UI:
“Event Analysis” under Security menu is now renamed as “SIEM – X”. This makes Xcitium’s in-house developed and native SIEM component visible to users.
Old UI:

New UI:
Added “Threat Labs” as a new menu item which enables users to easily navigate to worlds most enhanced AI and human expert powered Threat Analysis Center where each and every “unknown” file is turned to “known good” or “known bad”.
Old UI:

New UI:
“Assets” menu is renamed as “ITSM”, where all features and functionalities related to IT and Service Management is located under.
Old UI:

New UI:
“Devices” under Assets menu is renamed as “Device Management”.
Old UI:

New UI:
“Configuration Templates” under Assets menu is divided into different sections:
- “Profiles” section is moved directly under “ITSM” menu
  Old UI:
  
  New UI:
- “Alerts”, “Procedures” and “Monitors” sections are moved under new “Remote Monitoring and Management” menu item.
  Old UI:
  
  New UI:
“Patch Management” section under “Software Inventory” is moved under ITSM menu
Old UI:

New UI:
“Vulnerability Management” under “Software Inventory” is moved under ITSM menu
Old UI:

New UI:
“Global Software Inventory” under “Software Inventory” is renamed as “Desktop Application Control”, and moved under “Application Control” section under ITSM menu
Old UI:

New UI:
“Mobile Applications” under “Software Inventory” is renamed as “Mobile Application Control” and moved under “Application Control” section under ITSM menu
Old UI:

New UI
“User Management” under Assets menu is moved under “Management” menu
Old UI:

New UI:

BUG-FIXES

Fixed an issue about data being loaded very slowly under Contained Threats – Device list.
Fixed an issue about displaying wrong usage numbers under “Bill Forecast” page under License Management section.
Fixed an issue about system preventing EDR agent installation without a “Client Security” profile is actively used.

Appendix

NEW PORTAL VERSIONS

OpenEDR Platform: 1.12.0

Open EDR became paid after the end of the Xcitium Advanced trial period?

@ilgaz Ilgaz Yücecengiz — Wed, 12 Jun 2024 09:30:23 +0000

hi @Dmitriy , we found a bug about this behavior, and it will be fixed tomorrow (June 13th, 2024, Thursday). We will share the release notes shortly.

Open EDR became paid after the end of the Xcitium Advanced trial period?

@Dmitriy Dmitriy — Mon, 10 Jun 2024 15:48:02 +0000

EDR is not installed after the Xcitium Advanced Trial has expired. I contacted technical support - they told me that the policy had changed and now open EDR needs to be paid for. what to do?

Hotfix Release Notes of OpenEDR Platform (June 06, 2024)

@ilgaz Ilgaz Yücecengiz — Thu, 06 Jun 2024 05:31:10 +0000

Hello Everyone,

We would like to inform you about a scheduled hotfix release for OpenEDR Platform, which will take place on June 6th. The deployment is expected to last approximately 1 hour. During this period, we do not anticipate any disruptions to the portal. If you observe any issues after the release, please feel free to share them with us.

The release schedule was implemented as follows:

OpenEDR Platform, on Thursday, 2024-06-06T07:00:00Z UTC

Please check the release notes that are marked by the new release!

OpenEDR Platform

Improvements

Updated OpenEDR Platform registration steps to provide an easier experience for new users.

Appendix

New Portal Versions

OpenEDR Platform: 1.11.0

What base_eventType values and baseType values says in openEDR logs in windows

@nivedithab Niveditha Balakrishnan — Tue, 28 May 2024 07:19:46 +0000

hi @immaculate

apologies for the delay , i will get in touch with backend team and get back to you on update.

What base_eventType values and baseType values says in openEDR logs in windows

@immaculate — Tue, 28 May 2024 07:18:54 +0000

its been 8 days any response from backend team!

Unable to monitor endpoint

@nivedithab Niveditha Balakrishnan — Sun, 26 May 2024 09:24:02 +0000

hi @pvssrikanth

We are sorry for the delay in response. We would like to inform that we have updated the billing model for the Xcitium Platform recently and introduced assigned-profile billing. This is designed to make billing clear, controllable, and flexible. There will be no more 50 devices free with Device paid options.

As a reminder, starting April 1st 2024, you will be upgraded to our most recent ITSM platform, and we will now bill separately for the use of our RMM module to the extent you use these features. Specifically, RMM, Patch Management, and MDM modules will now be charged per device.

Kindly check the new ITSM platform document: https://www.xcitium.com/itsm-platform-update.pdf

In order to set default profile without XCS and Device paid options, we recommend cloning the default profile → go to the cloned profile → Sections → Edit → Uncheck Xcitum Client Security XCS and Device paid options → Save the profile → Make Default.

This will help you to have cloned profile as default profile without XCS and Device for device enrolment.

Please make sure that other default profiles are cancelled with XCS and Device enabled.

For more information to clone the profile and manage default profiles, please check with articles below:
https://help.comodo.com/topic-399-1-786-10199-Clone-a-Profile.html
https://help.comodo.com/topic-399-1-786-10100-Manage-Default-Profiles.html

Once you updated the profiles without XCS and Device paid options, please share with us the screenshot of Bill Forecast page from Endpoint Manager → License Management → Bill Forecast including the Overuse column.

Please feel free to reach out to your respective customer success manager / [email protected] , for further clarification required regarding the billing model and other product related queries

Unable to monitor endpoint

@pvssrikanth srikanth pokkuluri — Sun, 26 May 2024 04:19:27 +0000

Hi ,
When i installed EDR Agent on few systems and tried to monitor on Dashboard endpoints.

The dashboard is prompting " Please provide credit card payment information "

Since this is Free Tool, Why its prompting me this payment information.

If i install it on onprim , Will this payment information be be removed ?

Please guide
srikanth

What base_eventType values and baseType values says in openEDR logs in windows

@nivedithab Niveditha Balakrishnan — Thu, 23 May 2024 20:32:07 +0000

hi @immaculate

team is looking into it , once received feedback , I shall let you know.

What base_eventType values and baseType values says in openEDR logs in windows

@immaculate — Thu, 23 May 2024 05:11:25 +0000

hi, any response from backend team?

What base_eventType values and baseType values says in openEDR logs in windows

@nivedithab Niveditha Balakrishnan — Mon, 20 May 2024 05:54:42 +0000

hi @immaculate

Thank you for writing to us, I have shared your query with the backend team to look into it

What base_eventType values and baseType values says in openEDR logs in windows

@immaculate — Mon, 20 May 2024 05:18:11 +0000

hello thank you for your response
I have gone through the above things but IDK how i have to implement those for the below things:

" here it showing the base event and base in number how could we know that what it define. I also searched about those i’m not getting any information about that numbers.
and
as it showing the file path how can i detect the malware from it "

and
openedr/edrav2/iprj/libcore/inc/events.hpp at release-2.5 · ComodoSecurity/openedr · GitHub if this link is the explanation about what base_event field number means. Then what about base_type field numbers means

can you explain please !
i’m a newbie for openedr.

What base_eventType values and baseType values says in openEDR logs in windows

@nivedithab Niveditha Balakrishnan — Fri, 17 May 2024 09:11:58 +0000

hi @immaculate

Please refer to the below links

github.com

ComodoSecurity/openedr/blob/release-2.5/edrav2/iprj/libcore/inc/events.hpp

//
// edrav2.libcore project
//
// Declaration of EDR events
//
// Author: Yury Kroshin (13.02.2019)
// Reviewer: Denis Bogdanov (14.02.2019)
//
#pragma once
#include "crypt.hpp"

// TODO: Move this file to separate EDR-related project

namespace cmd {

//
// LLE identifiers
//
enum class Event : uint64_t
{

This file has been truncated. show original

github.com

ComodoSecurity/openedr/blob/release-2.5/edrav2/iprj/edrdata/evm.act

{
  "scenario": {
    "$$proxy": "cachedObj",
    "clsid": 1638072916,
    "code": {
      "LLE_CLIPBOARD_READ": [
        {
          "$dst": "policy.rule.state",
          "$set": 255
        },
        {
          "$dst": "policy.rule.state",
          "$if": {
            "$$proxy": "cachedObj",
            "args": [
              {
                "$$proxy": "cachedObj",
                "args": [
                  {
                    "$default": 255,

This file has been truncated. show original

What base_eventType values and baseType values says in openEDR logs in windows

@immaculate — Fri, 17 May 2024 04:23:27 +0000

yes please!
thank you!