Introducing Open Source EDR

Comodo is proud to offer our EDR as open source because we feel strongly that as cyber-threats increase, every company should have access to this capability regardless of their budget or ability to purchase it

OpenEDR is an Open Source initiative started by Comodo

We at Comodo believe in creating an open source cybersecurity platform where products and services can be provisioned and managed together. EDR is our starting point.

OpenEDR is a full blown EDR capability. It is one of the most sophisticated, effective EDR code base in the world and with the community’s help it will become even better.

The OpenEDR consists of
the following components:
Core Library

the basic framework;


service application;

Process Monitoring

components for per-process monitoring;

System Monitor

the genetic container for different kernel-mode components;

File-System Mini-Filter

the kernel component that hooks I/O requests file system;

Network Monitor

monitors processes creation/deletion using system callbacks

Low-Level Registry Monitoring Component

monitors registry access using system callbacks

Self-Protection Provider

prevents EDR components and configuration from unauthorized changes

Low-Level Process Monitoring Component

network filter for monitoring the network activity

Join the Open Community
Enroll to the online forums

Have questions about our OpenEDR open-source code? Join our open community! The community allows members to ask and respond to questions, interact with other users, and review topics related to OpenEDR.

Enroll Today
Endpoint Visibility Monitoring

Open EDR allows you to enhance your existing EPP with actionable data to track
suspicious activities related to ransomware, data breaches and malware

API Compatitable

Injected DLL libraries are available for different processes and hooks API calls

Reflected Loader

Loader for Injected DLL driver component loads injected DLL into each new process

Under Control

Controller for Injected DLL service component for interaction with Injected DLL;

Access on Git Repo
Need Rapid Deployment? Try Comodo Dragon EDR.
Enhance your EPP to Prevent
Ransomware, Data Breaches, & Malware

Proven to be the best way to convey this type of information,
provide more than just data, they offer actionable knowledge.

Open Edr Forecast Telemetry
Stay Ahead to Stop Cyber Attacks
  • We will tailor the group policy to your requirements including endpoint-specific policies for enhanced security
  • Real-time visibility and continuous analysis are the vital elements of the entire endpoints
  • Infinitely more telemetry data can be collected via fuly customizable policies
Track Infected Endpoints to Contain Threats
  • Protection against zero-day web threats, without hindering employee productivity.
  • Detect 100% of unknown fileless threats with Comodo's intelligent file analysis engine.
  • Apply our recommended policy, created upon a examination of threat behavior analytics.
Suspicious Activity Validation
Cyber Attack Visualization
Quickly see How to Fix the Root Problems
  • Attack vectors are shown on your dashboard combining with file trajectory and process hierarchy.
  • Process-based events are shown in a tree-view structure to help analysts better understand process behavior.
  • Device trajectory details are provided with separate screens to drill down into devices for insight when investigating attack vectors.
Dragon Platform | EDR

Don't have the technical knowledge to setup OpenEDR? Get continuous real-time visibility of your endpoints with detection & response. Your IT team will be able to identify attacks with accurate root-cause analysis for effective remediation intelligence. Proven to be the best way to convey this type of information, provide more than just data, they offer actionable knowledge.

Learn More