
EDR

Endpoint Detection and Response

An EDR (Endpoint Detection and Response) solution continuously monitors endpoints — workstations and servers — to detect, analyse and respond to malicious behaviour, going beyond what a traditional antivirus can see.

What an EDR is for

Where a traditional antivirus only looks for known file signatures, an EDR records all endpoint activity — processes launched, network connections, file modifications, system calls — and detects patterns rather than signatures.

Concretely, an EDR allows you to:

  • detect an attack that abuses legitimate tools (LOLBins such as powershell.exe or wmic.exe);
  • reconstruct the full timeline of an incident after the fact;
  • contain a threat remotely (isolate a machine from the network in one click);
  • proactively hunt for threats based on historical telemetry.
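
The contrast between signature matching and behavioural detection described above, with the timeline reconstruction from the list, as an added example that is not part of the original page or of any vendor's product. The telemetry, the hash placeholders and the parent-process rule (`DOC_PARENTS`) are constructed assumptions, and PID reuse is ignored.

```python
from dataclasses import dataclass

LOLBINS = {"powershell.exe", "wmic.exe"}      # the two LOLBins named on the page
DOC_PARENTS = {"winword.exe", "excel.exe"}    # assumption: illustrative rule input
KNOWN_BAD = {"sha256:constructed-known-bad"}  # constructed signature list

@dataclass(frozen=True)
class ProcEvent:
    ts: str       # ISO timestamp of process creation
    host: str
    pid: int
    ppid: int
    image: str    # executable name, lower case
    sha256: str   # constructed placeholder, not a real hash

# Constructed process-creation telemetry for one workstation.
EVENTS = [
    ProcEvent("2026-01-01T09:00:00", "ws-01", 100, 1, "explorer.exe", "sha256:signed-os-a"),
    ProcEvent("2026-01-01T09:01:00", "ws-01", 200, 100, "winword.exe", "sha256:signed-office"),
    ProcEvent("2026-01-01T09:01:05", "ws-01", 300, 200, "powershell.exe", "sha256:signed-os-b"),
    ProcEvent("2026-01-01T09:01:09", "ws-01", 400, 300, "wmic.exe", "sha256:signed-os-c"),
    ProcEvent("2026-01-01T09:30:00", "ws-01", 500, 100, "powershell.exe", "sha256:signed-os-b"),
]

def signature_hits(events):
    """Antivirus-style check: flag only files whose hash is already known."""
    return [e for e in events if e.sha256 in KNOWN_BAD]

def behaviour_hits(events):
    """Behavioural check: a LOLBin started by a document application."""
    by_pid = {(e.host, e.pid): e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get((e.host, e.ppid))
        if e.image in LOLBINS and parent and parent.image in DOC_PARENTS:
            hits.append(e)
    return hits

def timeline(events, hit):
    """Rebuild the incident: ancestors of the hit, the hit, then its descendants."""
    by_pid = {(e.host, e.pid): e for e in events}
    chain, cur = [], hit
    while cur:                                    # walk up to the root process
        chain.append(cur)
        cur = by_pid.get((cur.host, cur.ppid))
    tree = {(hit.host, hit.pid)}
    for e in sorted(events, key=lambda e: e.ts):  # walk down in time order
        if (e.host, e.ppid) in tree:
            tree.add((e.host, e.pid))
            chain.append(e)
    return sorted(chain, key=lambda e: e.ts)
```

Every binary in the sample is a legitimate signed tool, so the signature check returns nothing, while the behavioural rule flags only the powershell.exe started by winword.exe and leaves the one started from explorer.exe alone.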

EDR vs antivirus vs XDR

An EDR focuses on the endpoint. An XDR extends this logic to cloud, identity, network and email — it is a cross-domain consolidation. Antivirus still has its place but no longer suffices in 2026: it only blocks the known, not the unknown.

EDR at Hexceos

Hexceos operates its own EDR/XDR engine called Sentinel (v1.2 stable), developed in France by our R&D team and natively integrated with our 24/7 SOC. See our cybersecurity services.

Last updated: 17 May 2026