Migrating from Cwatch EDR to C1 Integrated EDR

  • Migrating from Cwatch EDR to C1 Integrated EDR

    I've got a bunch of endpoints on the old Cwatch EDR portal (different account, pre-C1 integration).

    I assume the best way is just to uninstall the agent and re-install with the customer agent in the C1 integrated EDR with the appropriate customer -- but I've got quite a few to do. Could there be a procedure made to remotely uninstall EDR? I could then run it on every user until I am sure everyone has been removed from the old system, then clone my EDR install procedure to install versions for each customer.

    Or can I just install a new EDR on top of the existing one and it will re-point the agent to the new C1 EDR?

    Or could you guys just write a script that could allow us to re-point our customer agents as a procedure?

    Thanks!

  • #2
    indieserve

    We have created a support ticket and reached you using your email. Thanks.


    • #3
      indieserve how do you use EDR in its current state? Do you just check the dashboard periodically? Or only when a client lets you know something odd is happening?


      • #4
        Yes. I don't believe there is alerting yet when malware is discovered. EDR is usually a tool that you use for investigation after something else has tipped you off (like antivirus or SIEM from IDS logs or whatever); you can then go in and get more detail as to how the malware got on the computer (what process created it) and search all your endpoints for that file hash to see if it has spread. I think EDR is really more useful for advanced threats (live hacks/APTs vs. static malware).


        • #5
          indieserve ,

          We do have a script procedure to remove the EDR agent. You can utilize https://scripts.comodo.com/frontend/...from-endpoints


          • #6
            I also posted an updated script in the Scripts forum; the one you link to may only work with very old versions of the EDR agent. The product name has changed since (it's no longer EDRPoint or whatever was in the default script).


            • #7
              indieserve ,

              Thank you for clarifying. I assume this is the related post https://c1forum.comodo.com/forum/scr...ove-comodo-edr


              • #8
                Originally posted by indieserve
                I've got a bunch of endpoints on the old Cwatch EDR portal (different account, pre-C1 integration).

                I assume the best way is just to uninstall the agent and re-install with the customer agent in the C1 integrated EDR with the appropriate customer -- but I've got quite a few to do. Could there be a procedure made to remotely uninstall EDR? I could then run it on every user until I am sure everyone has been removed from the old system, then clone my EDR install procedure to install versions for each customer.

                Or can I just install a new EDR on top of the existing one and it will re-point the agent to the new C1 EDR?

                Or could you guys just write a script that could allow us to re-point our customer agents as a procedure?

                Thanks!
                Your case is currently being handled. It takes a while as it involves cross-product (C1-EDR) coordination. I will provide you with a solution ASAP.


                • #9
                  Thanks Alphan! I totally understand, it's a new product/integration etc.
