• lud@lemm.ee · 4 months ago

    Is that the way that EDR is implemented on Linux or are you guessing?

    • progandy@feddit.org · 4 months ago (edited)

      Currently, CrowdStrike offers two methods for Linux: a kernel driver / module and a theoretically safer alternative using eBPF (you could call that “kernel level scripting”). Ironically, they triggered a kernel bug using that second option. They did not test all kernels they listed as compatible, or something like that.