Server EDR: Updated to include Admin Tools

The Server EDR EAP now captures all PowerShell executions so that they can be reviewed and analysed.

Is PowerShell bad? Not necessarily. In fact, most PowerShell executions are not malicious, but PowerShell can be (and often is) taken advantage of.

The new Sophos EDR capabilities offer the ability to track down the malicious executions that otherwise may remain hidden. For example, executions which use the encoded command argument are more likely to be associated with bad behaviour and are less common in good executions.

Details being captured include:
• Command line arguments passed
• Time of the execution
• User who ran the process
• Parent process name
• Parent process hash

Learn more:
https://vimeo.com/330769513/f24084019f 


Regards,

Stephen
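
The review described in the post, sketched as an added example (not Sophos code or part of the original announcement): it scans captured execution records for the encoded command argument, including its abbreviated forms, and decodes the payload for an analyst to read. The record field names and the sample records are constructed assumptions, not the EDR's actual schema.

```python
import base64
import binascii

FULL_NAME = "encodedcommand"

def is_encoded_switch(token):
    """True for -EncodedCommand, any prefix of it (-e, -enc, ...) or the -ec alias."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ec" or FULL_NAME.startswith(name)

def decode_payload(payload):
    """PowerShell expects Base64 of UTF-16LE text; return None when it is not that."""
    try:
        raw = base64.b64decode(payload.strip("\"'"), validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def triage(records):
    """Return the records that carry an encoded command, with the decoded text added."""
    hits = []
    for rec in records:
        tokens = rec["cmdline"].split()
        for i, tok in enumerate(tokens[:-1]):
            if is_encoded_switch(tok):
                hits.append({**rec, "decoded": decode_payload(tokens[i + 1])})
                break
    return hits

def _enc(text):
    # Helper used only to build the constructed samples below.
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")

# Constructed sample records (hypothetical field names and values).
SAMPLE = [
    {"time": "T1", "user": "CORP\\svc_backup", "parent": "taskeng.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1"},
    {"time": "T2", "user": "CORP\\jdoe", "parent": "explorer.exe",
     "cmdline": "powershell.exe -NoProfile -enc " + _enc("Get-Date")},
    {"time": "T3", "user": "CORP\\jdoe", "parent": "cmd.exe",
     "cmdline": "powershell.exe -ExecutionPolicy RemoteSigned -ec " + _enc("Write-Output 'hello'")},
    {"time": "T4", "user": "CORP\\asmith", "parent": "cmd.exe",
     "cmdline": "powershell.exe -e not-base64!"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["time"], hit["user"], hit["parent"], repr(hit["decoded"]))
```

A hit whose payload does not decode is still returned with `decoded` set to `None`, so a malformed or deliberately mangled argument stays visible for review.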


