EDR scans continuously and keeps a 10-minute record of your machine's activity, which is saved only if a security alert is triggered.
The regular scan includes:
- Network activity, such as URL data and DNS lookups
- File activity, such as downloads
- Images loaded
- System processes and registry events (applications and tasks running on the device)
When a security alert is triggered, EDR takes a copy of a second 10-minute interval, including:
- Applications running
- Web sites visited
- File activity, such as downloads
- Processes running on the machine
See our detailed EDR Service article (CalNet Authentication required) for more information.