Introduction
System Overview
AnyOne EDR is an endpoint detection and response platform made by MarkAny GaneshaIT. It is deployed as two components: endpoint agents and a backend server. The endpoint agent collects telemetry on each host. The backend server ingests that telemetry, stores it, detects malicious patterns, and runs automated LLM-assisted or manual SOC analysis to remediate threats. The SOC dashboard gives operators a single place to monitor security posture and dispatch response actions.
This documentation covers the endpoint agent. The backend components (the gateway, the SOC dashboard, the static-analysis service, and the certificate authority) are operated separately and are out of scope here.
AnyOne EDR Agent is AnyOne EDR’s Windows endpoint agent. It collects kernel-level telemetry, normalizes it to OCSF (v1.8.0), and streams it to the cloud backend over gRPC. On startup it enrolls by opening a long-lived mTLS control channel to the gateway. Beyond telemetry it also runs locally: static-analysis orchestration, tamper detection, and remediation (kill process, quarantine file, isolate host), both on server command and autonomously. Event correlation and alerting remain server-side.
Document Purpose
This guide explains how to install, configure, and run the AnyOne EDR Windows endpoint agent. It is written for the people who put the agent on endpoints:
- end users following a one-time install link,
- administrators rolling the agent out from the SOC dashboard,
- and engineers deploying or troubleshooting it by hand.
Document Scope
This guide covers installation of the Windows endpoint agent only. It does not cover deploying or operating the backend components.
🚧 A unified operational handbook that also covers backend deployment is planned for a future version. It is not part of this document.