Comodo Endpoint Protection

Version: Comodo Endpoint Protection

Comodo Endpoint Protection (EP) is a powerful event analysis tool that provides real-time monitoring and detection of malicious events on Windows endpoints. Endpoint Protection allows you to view threats in a detailed timeline and instantly alerts you about an attack.

The Comodo Endpoint Protection agent automatically writes events to the Windows Event Viewer. The Netsurion Open XDR agent picks up these logs and sends them to Netsurion Open XDR. Comodo sends events such as antivirus scan, HIPS, HIDS, containment, file rating, autorun, and configuration changes. Netsurion Open XDR generates reports on potentially unwanted applications, antivirus scan details, file rating, intrusion activities, configuration changes on the endpoint, alerts, threats detected, unwanted files removed, etc. The reports contain the username, client IP address, status, action, file path, file name, and hash. Dashboards graphically display threats detected by file name, device name, and device IP, file management, intrusions detected by file name, etc.

  • Security – Containment (unknown or potentially unwanted applications) events, Intrusion prevention system events, File rating events
  • Operations – Antivirus scan events, Antivirus update events, autorun events
  • Compliance – Configuration change events

After Comodo EP is configured to deliver events to Netsurion Open XDR, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.