Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

None of those things require a kernel module with remote code execution to configure properly.


I believe the question was 'in which ways is windows vulnerable by default', and I answered that.

If customers wanted to configure them properly, they could, but they don't. EDR will let them keep all the garbage they seem to love so dearly. It doesn't just check a box, it takes care of many other boxes too.


At work we have two sets of computers. One gets beamed down by our multi-national overlords, loaded with all kinds of compliance software. The other is managed by local IT and only uses windows defender, has some strict group policies applied, BMCs on a separate vlans etc. Both pass audits, for whatever that's worth.


This is the key question for me: is there a way to get [most of] the security benefits of EDR without giving away the keys to the kingdom.


No. If an EDR relies on userland mechanisms to monitor, these userland mechanisms can easily be removed by the malicious process too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: