
eScan Enterprise EDR

(Hybrid Network & Mobile Device Support)

Your network security is only as strong as your least secure endpoint. Even a single unsecured endpoint increases your network’s vulnerability. To strengthen your network security, you need to secure each and every endpoint; only this way can you reduce the risk of cyberattacks.

A cybercriminal uses the following ways to conduct a cyberattack:

  • Launch scripts and executables that download a malicious payload or run other malicious programs
  • Run malicious scripts in the background without the user’s knowledge
  • Make a program violate its rights and escalate permissions for suspicious activities

If genuine programs show abnormal behavior, they are treated as malicious, because malware can manipulate them. In such situations, Boundary Protection Rules can contain all the threats and strengthen your network’s safety.

You can use the Safety Check/Audit Mode to analyse how the Boundary Protection Rules (surface attack detection) would improve your network security if enabled. To ensure your network isn’t jeopardized, always audit the events generated by Boundary Protection Rules. This way you can understand how each of your applications is affected.

Not all genuine applications are developed with security as a top concern, and some may appear to behave the same way malware does. By reviewing the Safety Check Report, you can add security exclusions for genuine applications and apply Boundary Protection Rules to your network without slowing down endpoint performance.

Whenever a Boundary Protection Rule is violated, an alert is sent to the administrator. You can configure the Alert Settings for multiple recipients, as per your requirements. To ensure maximum protection, you need to deploy a full eScan Enterprise EDR license, which lets you use the full capabilities of EDR, including the Monitoring, Statistics, and workflows available in eScan Enterprise EDR.

The eScan dashboard will display complete EDR activity across your network. You can also download and export the EDR reports to observe actions taken by Boundary Protection Rules.

To experience the benefits of this product, why not give it a try and consider making it yours?
Write to us at sales@escanav.com


Language Versions


English, German, French, Nederlands, Italian, Portuguese, Spanish, Turkish, Chinese Simplified, Chinese Traditional, Greek, Korean, Norwegian, Russian, Polish, Latin Spanish, Czech, and Slovak.


Benefits

Ensures Business Continuity

Prevents Malware Outbreaks, Data theft, Productivity loss and Security violations.

Reduces IT Costs

Reduces Security Management costs through File Reputation Services, Asset Management, Print activity, ADS integration and Support for VMware, SYSLOG, SNMP, NAC and NAP.

Prevents Spreading Of Malware Infection On Networks

Informs the administrator about outbreaks in the network so that immediate action can be taken.

Monitor Devices Connected Within The Network

Assists in monitoring devices that are connected to the system. Using the Password Protection feature, unauthorized devices can be easily blocked.

Efficiently Scans And Analyzes All The Incoming & Outgoing Mails

Scans all emails in real-time for Viruses, Worms, Trojans, Spyware, Adware and hidden malicious content using powerful, heuristic driven Dual Anti-Virus engines.

Key Features

New Secured Unified Web Interface

eScan’s new Secure Web Interface uses SSL technology to encrypt all communications. A summarized dashboard shows the administrator the status of managed clients in graphical formats, such as deployment status, protection status and protection statistics.

Asset Management

eScan’s Asset Management module provides the entire hardware configuration and the list of software installed on endpoints. This helps administrators keep track of all the hardware and software resources on all the endpoints connected to the network.

Role Based Administration

Role based administration through the eScan Management Console enables the administrator to share the configuration and monitoring responsibilities of the organization among several administrators. Using this feature, pre-defined roles can be assigned to the administrators, each with its own set of rights, permissions and groups.

Client Live Updater

With the help of eScan’s Client Live Updater, events related to eScan and the security status of all endpoints are captured and logged, and can be monitored in real time. The events can also be filtered to retrieve exactly the required information, so the security level of all managed endpoints can be watched closely in real time.

Outbreak Prevention

This allows the administrator to deploy outbreak prevention policies during an outbreak that restrict access to network resources from selected computer groups for a defined period of time.
The outbreak prevention policies will be enforced on all the selected computers or groups. Incorrect configuration of these policy settings can cause major problems with the computers.

Print Activity

eScan includes a Print Activity module that efficiently monitors and logs printing tasks done by all the managed endpoints. It also provides a detailed report, in PDF, Excel or HTML format, of all printing jobs done by managed endpoints through any printer connected to any computer locally or to the network.
Note – Print Activity features are valid for endpoints with the Windows operating system only.

One-Time Password

Using the One-Time Password option, the administrator can disable any eScan module on any client computer for a desired period of time. This helps prevent users from violating a security policy deployed in the network.
Note – One-Time Password features are valid for endpoints with the Windows operating system only.

Session Activity Report

The eScan Management Console monitors and logs the session activity of the managed computers. It displays a report of endpoint startup, shutdown, logon, logoff, and remote session connects and disconnects. With this report the administrator can trace user logon and logoff activity, along with the remote sessions that took place, on all managed computers.

Active Directory Synchronization

With the help of Active Directory synchronization, the administrator can synchronize eScan Centralized Console groups with Active Directory containers.
New computers and containers discovered in Active Directory are copied into the eScan Centralized Console automatically, and a notification of this can be sent to the system administrator. The administrator can also choose to Auto Install or Protect discovered Windows workstations automatically.

Policy Templates

Policy deployment is made easy through policy templates: the administrator can create policy templates and deploy them to the desired managed groups.

Windows OS and App Patch/Update Management

eScan's Patch Management Module auto-updates Windows OS security patches, from the Cloud or from the EMC Console, on PCs that are part of DMZ/Air-Gapped Networks. The module also reports patch availability for critical apps like Adobe, Java, etc.

Endpoints Key Features

Device Control

It helps in monitoring USB devices that are connected to Windows or Mac endpoints in the network. On Windows endpoints, administrators can allow or block access to USB devices. Unauthorized access to USB devices can be blocked using password protection, thus preventing data leakage.

Data Theft Notification

eScan sends notifications to the administrator of the web console when any data (which is not read-only) on the client system’s hard disk is copied to a USB device.

Application Control

It allows you to block or whitelist applications and to define time restrictions for allowing or blocking their execution on Windows endpoints. Only the whitelisted applications can be accessed, while all other third-party applications are blocked. On Android, all downloaded applications are blocked by default and are whitelisted only by entering a password.

Advanced Anti-Spam

eScan checks the content of outgoing and incoming mails as well as scans all the emails in real-time for Viruses, Worms, Trojans and hidden malicious content using powerful, heuristic driven Dual Anti-Virus engines. Thus, online threats are averted before they enter the network via emails.

Enhanced Two-way Firewall

The two-way firewall with predefined rule sets helps you restrict incoming and outgoing traffic as well as hacking attempts. It lets you define the firewall settings as well as the IP range, permitted applications, trusted MAC addresses and local IP addresses.

Privacy Control

Privacy control allows scheduling the auto erase of your cache, ActiveX, cookies, plugins and history. It also helps you to permanently delete files and folders without the fear of having them retrieved through the use of third-party applications, thus preventing misuse of data.

Advanced Web Protection

eScan comes with an advanced Web Protection feature that allows administrators to define the list of websites to be blocked or whitelisted on endpoints connected to the network where eScan is installed. For Windows endpoints eScan also provides the facility for time-based access restriction.

On-Demand Scanning

Being very light on system resources, eScan scans endpoints faster. This ensures that the endpoint does not slow down, even while eScan is performing an on-demand scan of the files and directories that you access or copy onto your endpoint. It also lets you select individual files, folders, directories or running processes on your endpoint and scan them for viruses.

Privacy Advisor

eScan includes a Privacy Advisor that gives you the complete list of applications using device permissions, in a classified format. This helps you keep a check on the security level of all installed applications.

Anti-Theft

eScan helps you with data blocking, data wiping, SIM watching and locating your Android-based device through the GPS finder. With its Anti-Theft feature, eScan ensures complete protection of your Android device from unauthorized access in the event that it is lost or stolen.

Schedule scan

eScan offers you an option for scheduled scanning, which will run seamlessly in the background without interrupting your current working environment. It performs scheduled scans for selected files / folders or the entire system for the scheduled period, thus providing you the best protection against cyber threats.

Endpoint Detection and Response (EDR) Key Features

Block executable content from email client and webmail

This rule blocks executables and script files that run automatically right after an email is opened:

  • Executable files (such as .exe, .dll, or .scr)
  • Script files (such as a PowerShell .ps1, Visual Basic .vbs, or JavaScript .js file)

Block all Office applications from creating child processes

Malware can infect Office apps and manipulate them to run child processes. This rule blocks all Office applications from creating child processes. The rule stops programs from running VBA macros, spawning commands, and using PowerShell to modify registry settings.

Block Office applications from creating executable content

Malware can use Office apps as a medium and force them to save malicious files. These files can avoid detection and reside on the system to spread infection. This rule blocks all Office programs from creating and saving a suspicious executable file, by preventing the malicious code from being saved to disk.

Block Office applications from injecting code into other processes

Cybercriminals can use programs to transfer malicious code into other processes via code injection, so that the code appears completely genuine. This rule blocks programs from injecting code into other processes.

Block JavaScript or VBScript from launching downloaded executable content

A malicious JavaScript or VBScript file may download a malicious payload or run other processes in the background without the user’s knowledge. This rule blocks JavaScript and VBScript files from running downloaded executable content.

Block execution of potentially obfuscated scripts

To decrease script loading times or hide malicious code, cybercriminals obfuscate their scripts. As a result, malware easily avoids detection by the human eye and even by cybersecurity solutions. This rule looks for malicious code in obfuscated scripts and, upon detection, blocks its execution.

Block Win32 API calls from Office macros

With VBA macros, Office applications can make Win32 API calls. Malware can use this to its advantage and abuse Office apps to call Win32 APIs and run malicious shellcode on endpoints without saving any data to disk. This rule prevents VBA macros from calling Win32 APIs.

Use advanced protection against ransomware

All executable files on the system are scanned to check whether they are genuine. If a file appears to be ransomware, this rule blocks it from running. An exception can be made for specific files by adding them to an exclusion list.

Block credential stealing from the Windows local security authority subsystem

Cybercriminals can steal NTLM hashes and cleartext passwords from Local Security Authority Subsystem Service (LSASS) by using hacking tools. This rule blocks credential stealing, by preventing access to the LSASS.

Block process creations from WMI and PsExec commands

WMI and PsExec are capable of remote code execution. Malware can use this capability to run malicious commands on systems and infect an organization’s network. This rule blocks process creations from WMI and PsExec commands.

Block untrusted and unsigned processes that run from removable devices

This rule blocks all untrusted and unsigned executable files (.exe, .dll, or .scr) from running from removable devices like USB drives and SD cards.

Block Office communication application from creating child processes

This rule blocks exploit code from abusing Outlook vulnerabilities and protects users from social engineering attacks. The rule also protects users from the forms exploits and Outlook rules that cybercriminals use when a user’s credentials are leaked. Although this rule blocks Outlook from creating child processes, it allows Outlook to perform genuine functions.

Block Adobe Reader from creating child processes

Via an exploit or social engineering, malware can abuse Adobe Reader to download a malicious payload and break out of the program. This rule blocks all child processes from Adobe Reader and thus reduces its chances of being used as a medium.

Block persistence through WMI event subscription

This rule prevents malware from abusing WMI to attain persistence on a device.

If you have any doubts regarding the EDR, send an email to the Enterprise support team at support@escanav.com

Other Highlights

  • Unified Console for Windows, Android, Mac and Linux
  • eScan Cloud Security
  • Set advanced security policies
  • Secure Web Interface
  • License Management
  • Wizard to create a Windows®-based Rescue Disk to clean Rootkits and File infectors
  • Task deployment
  • Manage updates
  • File Reputation Services
  • Real-Time Protection against Malware
  • Sophisticated File Blocking and Folder Protection
  • Powerful Heuristic Scanning for Proactive Protection
  • Auto Back-up and Restore of Critical System files
  • Export and Import of Settings
  • Inbuilt eScan Remote Support
  • 24x7 FREE Online Technical Support through e-mail, Chat and Forums

*Note: Not all features are available on all platforms.

 

Will Your System Support This Software? You can find it here…

Operating Systems:

For Windows (Windows server & workstations) Platforms Supported

  • Microsoft® Windows® 2022 / 2019 / 2016 / 2012 / SBS 2011 / Essential / 2008 R2 / 2008 / 2003 R2 / 2003 / 11 / 10 / 8.1 / 8 / 7 / Vista / XP SP 2 / 2000 Service Pack 4 and Rollup Pack 1 (For 32-bit and 64-bit edition)

For Server

  • CPU: 3.0 GHz Intel™ Core™ Duo processor or equivalent
  • Memory: 4 GB & above
  • Disk Space: 8 GB & above (SSD Drive Preferable)

For Endpoints (Windows)

  • CPU - 2.0 GHz recommended Intel Pentium or equivalent
  • Memory - 1.0 GB and above
  • Disk Space (Free) – 1 GB and above (SSD Drive Recommended)

eScan Management Console can be accessed by using following browsers:

  • Internet Explorer 10 and above
  • Firefox 14 and above
  • Google Chrome latest version

For Linux
(Linux Endpoints) Platform Supported:

  • RHEL 4 and above (32 and 64 bit)
  • CentOS 5.10 and above (32 and 64 bit)
  • SLES 10 SP3 and above (32 and 64 bit)
  • Debian 4.0 and above (32 and 64 bit)
  • openSuSe 10.1 and above (32 and 64 bit)
  • Fedora 5.0 and above (32 and 64 bit)
  • Ubuntu 6.06 and above (32 and 64 bit)
  • Mint 12 and above (32 and 64 bit)

Hardware Requirements (Endpoints) :

  • CPU: Intel® Pentium or compatible or equivalent.
  • Memory: 1 GB and above
  • Disk Space: 1 GB free hard drive space for installation of the application and storage of temporary files

For Mac
(Mac Endpoints) Platforms Supported:

  • OS X Snow Leopard (10.6 or later)
  • OS X Lion (10.7 or later)
  • OS X Mountain Lion (10.8 or later)
  • OS X Mavericks (10.9 or later)
  • OS X Yosemite (10.10 or later)
  • OS X El Capitan (10.11 or later)
  • macOS Sierra (10.12 or later)
  • macOS High Sierra (10.13 or later)
  • macOS Mojave (10.14 or later)
  • macOS Catalina (10.15 or later)
  • macOS Big Sur (11.0 or later)

Hardware Requirements (Endpoints):

  • CPU: Intel based Macintosh
  • Memory: 1 GB and above
  • Disk Space: 1 GB and above