<![CDATA[GETOVERX FORUM Community Support

<![CDATA[GETOVERX FORUM Community Support - EDR]]> https://forum.getoverx.com/ Wed, 10 Jun 2026 09:35:54 +0000 MyBB <![CDATA[Help configuring the Corporate EDR Version]]> https://forum.getoverx.com/showthread.php?tid=140 Wed, 18 Feb 2026 00:58:11 +0000 thomasb4083]]> https://forum.getoverx.com/showthread.php?tid=140

Hello community,
I’m configuring the EDR module and I see it supports rule lists (import/export). I’d like to expand the baseline rules safely without causing false positives or system instability.

Where do you recommend sourcing reliable rule ideas or detection guidance?

For example: CISA advisories, NIST recommendations, MITRE ATT&CK mappings, or other reputable public resources that can be translated into EDR rules.
Any suggestions or rule pack structures you’ve tested in real endpoints would be appreciated.
Thanks!]]>

Hello community,
I’m configuring the EDR module and I see it supports rule lists (import/export). I’d like to expand the baseline rules safely without causing false positives or system instability.

Where do you recommend sourcing reliable rule ideas or detection guidance?

For example: CISA advisories, NIST recommendations, MITRE ATT&CK mappings, or other reputable public resources that can be translated into EDR rules.
Any suggestions or rule pack structures you’ve tested in real endpoints would be appreciated.
Thanks!]]> <![CDATA[What does the EDR module monitor and where can I see its logs?]]> https://forum.getoverx.com/showthread.php?tid=89 Fri, 05 Dec 2025 00:28:23 +0000 VilleTai]]> https://forum.getoverx.com/showthread.php?tid=89 I enabled the EDR module but I’m not sure what exactly it does. Is it just another scanner, or does it give me more detailed information about my system? Angel

]]> I enabled the EDR module but I’m not sure what exactly it does. Is it just another scanner, or does it give me more detailed information about my system? Angel

]]> <![CDATA[Unusual process detected – is this malware?]]> https://forum.getoverx.com/showthread.php?tid=1 Sat, 20 Sep 2025 17:42:51 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=1
Hello community, EDR Lite flagged a process named msworkerupdate.exe running from AppData\\Roaming. I don’t recognize it. Has anyone else seen this behavior? Could this be a new type of malware or just a false positive?]]>
Hello community, EDR Lite flagged a process named msworkerupdate.exe running from AppData\\Roaming. I don’t recognize it. Has anyone else seen this behavior? Could this be a new type of malware or just a false positive?]]>