eScan Vision Core XDR

Ensures Business Continuity

Prevents Malware Outbreaks, Data theft, Productivity loss and Security violations.

MITRE ATT&CK Framework

eScan has included MITRE ATT&CK framework to analyze every threat incident detected by Vision Core XDR. It displays the details of the TTPs (tactics, techniques, and procedures) involved in the attack. The framework shows information related to the TTPs used by the attackers to break into the systems. Organization's threat intelligence team can use this framework to detect adversarial behavior and to map observed activity to specific ATT&CK techniques to understand what stage of an attack they faced. This information of TTPs can also be used to share intelligence on emerging threats, helping organizations stay up-to-date with evolving attack methods.

IP Radar

eScan added IP Radar in its web console dashboard which is a global map where you can view all the Active and Established IP connections initiated and connected to eScan server. This feature allows you to trace all the connections that are currently running via eScan server. In simple terms, when IP communication is initiated between XDR sensor and other resources globally, it will be marked on the map with colored lines depending on the type of connection. Also, you can easily choose domestic, foreign, or all the connections for specific view on the map.

Phishing Simulation

eScan offers Phishing Simulation which is a functionality that enables organization's threat intelligence team to assess employees' understanding of email phishing threats widely used by attackers. In simple terms, phishing simulation is an internal activity where a mock phishing email is sent to employees to assess whether they click on embedded links or ignore the email. These phishing mails are created by mimicking the actual phishing emails. If the employees respond to the mail by clicking the email links, the action gets stored for further analysis of conducting Phishing awareness program.

New Secured Unified Web Interface

eScan’s new Secure Web Interface uses SSL technology to encrypt all communications. A summarized dashboard provides administrator the status of managed clients in graphical formats such as deployment status, protection status and protection statistics.

Asset Management

eScan’s Asset Management module provides the entire hardware configuration and list of software installed on endpoints. This helps administrators to keep track of all the hardware as well as software resources installed on all the endpoints connected to the network.

Role Based Administration

Role based administration through eScan Management Console enables the administrator to share the configuration and monitoring responsibilities of the organization among several administrators. Using this feature, pre-defined roles can be assigned to the administrators, each with own set of rights, permissions and groups.

Client Live Updater

With the help of eScan’s Client Live Updater, events related to eScan and security status of all endpoints are captured and recorded / logged and can be monitored in real-time. Also, the events can be filtered to retrieve exact required information to closely watch security level on all managed endpoints on a real-time basis.

Outbreak Prevention

This allows administrator to deploy outbreak prevention policies during an outbreak that restricts access to network resources from selected computer groups for a defined period of time.
The outbreak prevention policies will be enforced on all the selected computers or groups. Incorrect configuration of these policy settings can cause major problems with the computers.

Print Activity

eScan comprises of Print Activity module that efficiently monitors and logs printing tasks done by all the managed endpoints. It also provides a detailed report in PDF, Excel or HTML formats of all printing jobs done by managed endpoints through any printer connected to any computer locally or to the network.
Note – Print Activity features are valid for endpoints with Windows Operating system only.

One-Time Password

Using One-Time password option, the administrator can disable any eScan module on any client computer for a desired period of time. This helps to restrict user access from violating a security policy deployed in a network.
Note – One Time Password features are valid for endpoints with Windows Operating system only.

Session Activity Report

eScan Management Console monitors and logs the session activity of the managed computers. It will display a report of the endpoint startup/ shutdown/ logon/ log off/ remote session connects/ disconnects. With this report the administrator can trace the user Logon and Logoff activity along with remote sessions that took place on all managed computers.

Active Directory Synchronization

With the help of Active Directory synchronization, the administrator can synchronize eScan Centralized Console groups with Active Directory containers.
New computers and containers discovered in Active Directory are copied into eScan Centralized Console automatically and the notification of the same can be sent to the system administrator. Administrator can also choose to Auto Install or Protect discovered Windows workstations automatically.

Policy Templates

Policy deployment can be made easy through policy templates; this will allow the administrator to create policy templates and deploy it to the desired managed groups.

Windows OS and App Patch/Update Management

eScan's Patch Management Module auto-updates Windows OS security patch from Cloud or from EMC Console, on PC’s those are part of DMZ/Air-Gapped Networks. The module also reports patching availability for Critical Apps like Adobe, Java, etc.

Device Control

It helps in monitoring USB devices that are connected to Windows or Mac endpoints in the network. On Windows endpoints, administrators can allow or block access to USB devices. Unauthorized access to USB devices can be blocked using password protection, thus preventing data leakage.

Data Theft Notification

eScan sends notifications to administrator of the web-console when any data (which is not read-only) on the client system’s hard disk is copied to the USB.

Application Control

It allows you to block / whitelist as well as define time restriction for allowing or blocking execution of applications on Windows endpoints. It helps in accessing only the whitelisted applications, while all other third-party applications are blocked.

Advanced Anti-Spam

eScan checks the content of outgoing and incoming mails as well as scans all the emails in real-time for Viruses, Worms, Trojans and hidden malicious content using powerful, heuristic driven Dual Anti-Virus engines. Thus, online threats are averted before they enter the network via emails.

Enhanced Two-way Firewall

The two-way firewall with predefined rule sets will help you in putting up a restriction to incoming and outgoing traffic as well as hacking. It provides the facility to define the firewall settings as well as to define the IP range, permitted applications, trusted MAC addresses and local IP addresses.

Privacy Control

Privacy control allows scheduling the auto erase of your cache, ActiveX, cookies, plugins and history. It also helps you to permanently delete files and folders without the fear of having them retrieved through the use of third-party applications, thus preventing misuse of data.

Advanced Web Protection

eScan comes with an advanced Web Protection feature that allows administrators to define the list of websites to be blocked or whitelisted on endpoints connected to the network where eScan is installed. For Windows endpoints eScan also provides the facility for time-based access restriction.

On-Demand Scanning

Being very light on system resources, eScan facilitates faster scan of endpoints. This ensures that endpoint does not slow down, even while eScan is performing an On-demand scan of the files / directories that you access or copy onto your endpoint. It even allows you to select different files / folders, directories or running processes in your endpoint and scan them for viruses.

Privacy Advisor

eScan comprises of Privacy Advisor that provides you the complete list of application using device permissions in a classified format. This helps you to keep a check on the security level of all applications installed.

Anti-Theft

eScan helps you in data blocking, data wiping, SIM watching and locating your Android-based device through GPS finder. With its Anti-Theft feature, eScan ensures complete protection to your Android from any unauthorized access on the event, if your device is lost or stolen.

Schedule scan

eScan offers you an option for scheduled scanning, which will run seamlessly in the background without interrupting your current working environment. It performs scheduled scans for selected files / folders or the entire system for the scheduled period, thus providing you the best protection against cyber threats.

Block executable content from email client and webmail

This rule blocks the executables and script files that autotun quickly after opening an email.

• Executable files (such as .exe, .dll, or .scr)
• Script files (such as a PowerShell .ps, Visual Basic .vbs, or JavaScript .js file)

Block all Office applications from creating child processes

The malware can infect Office apps and manipulate them to run child processes. This rule blocks all office applications from creating child processes. The rule will block programs from running VBA macros, spawn commands, and Powershell to modify Registry Settings.

Block Office applications from creating executable content

The Office apps can be used as a medium by malware and forced to save malignant files. These malignant files can avoid detection and reside on system to spread infection. This rule blocks all office programs from creating and saving a suspicious executable file, by blocking the malignant code from saving on the disk.

Block Office applications from injecting code into other processes

Cybercriminals can use programs to transfer malignant code into other process via code injection method, so the code appears completely genuine. This rule blocks programs from injecting code into other processes.

Block JavaScript or VBScript from launching downloaded executable content

Running a malignant JavaScript or VBScript may download malicious payload or run other processes in background without the user’s knowledge. This rule blocks JavaScripts or VBScripts from running downloaded executable content.

Block execution of potentially obfuscated scripts

To decrease script loading times or hide malicious code, cybercriminals obfuscate the scripts. As a result, malware easily avoids the detection by human eye and even cybersecurity solutions. This rule looks out for malicious code in an obfuscated scripts and upon detection blocks its execution.

Block Win32 API calls from Office macros

With VBA macros, Office applications can make Win32 API calls. The malware can use this trick to their advantage and abuse Office apps to call Win32 APis and run malicious shellcode on endpoints without saving any data on the disk. This rule prevents VBA macros from calling win32 APIs.

Use advanced protection against ransomware

All executable files on system are scanned for their genuineness. If the files appear as ransomware, this rule blocks those files from running. An exception can be made to specific files if added to an exclusion list.

Block credential stealing from the Windows local security authority subsystem

Cybercriminals can steal NTLM hashes and cleartext passwords from Local Security Authority Subsystem Service (LSASS) by using hacking tools. This rule blocks credential stealing, by preventing access to the LSASS.

Block process creations from WMI and PsExec commands

WMI and PsExec are capable of remote code execution. A malware can use this feature and run malicious commands on systems and infect an organization’s network. This rule blocks process creations from WMI and PsExec commands.

Block untrusted and unsigned processes that run from removable devices

This rule blocks all untrusted and unsigned executables files (.exe, .dll, or .scr) from running from removable devices like USB drives and SD cards.

Block Office communication application from creating child processes

This rule blocks exploit code from abusing Outlook vulnerabilities and protects users from social engineering attacks. Additionally, the rule also protects users from forms exploits and outlook rules used by cybercriminals when a user’s credentials are leaked. Although this rule blocks Outlook from creating child process, it allows Outlook to perform genuine functions.

Block Adobe Reader from creating child processes

Via an exploit or social engineering, the malware can abuse Adobe Reader to download malicious payload and free itself from the program. This rule blocks all child processes from Adobe reader and thus reduces its chances of being used as a medium.

Block persistence through WMI event subscription

This rule prevents malware from abusing WMI to attain persistence on a device.

If you have any doubts regarding the eScan Vision Core XDR, send an email to Enterprise support team at support@escanav.com