- Tested on Windows 10, Server 2012R2 to 2019
- Protects endpoints from non-escalated file-based PE Malware (EXE/DLL) & Office-macro malware
- Detects Living-Off-The-Land offensive techniques without hard-coded rules
- Responds by automated or backend triggered malicious process termination
It leverages the following components & reports to an OpenEDR server (click to find out more).
Sysinternal's license: https://docs.microsoft.com/en-us/sysinternals/license-terms
For non-Internet facing endpoints, please download Sysmon, modifiy install.ps1
accordingly & host within your internal web-server.
This is an archived version of NXLog-CE tested with OpenEDR client agents. For commercial deployments, please contact NXLOG for commercial license.
- git clone this
- change Sysmon, smconfig.xml or whatever that you need to
- navigate to the project path (with cmd or powershell)
- run batch file: updateInstaller.bat
See https://github.com/jymcheong/OpenEDRclient/commits/master