Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Introduction

System Overview

AnyOne EDR is an endpoint detection and response platform made by MarkAny GaneshaIT. It is deployed as two components: endpoint agents and a backend server. The endpoint agent collects telemetry on each host. The backend server ingests that telemetry, stores it, detects malicious patterns, and runs automated LLM-assisted or manual SOC analysis to remediate threats. The SOC dashboard gives operators a single place to monitor security posture and dispatch response actions.

This documentation covers the endpoint agent. The backend components (the gateway, the SOC dashboard, the static-analysis service, and the certificate authority) are operated separately and are out of scope here.

AnyOne EDR Agent is AnyOne EDR’s Windows endpoint agent. It collects kernel-level telemetry, normalizes it to OCSF (v1.8.0), and streams it to the cloud backend over gRPC. On startup it enrolls by opening a long-lived mTLS control channel to the gateway. Beyond telemetry it also runs locally: static-analysis orchestration, tamper detection, and remediation (kill process, quarantine file, isolate host), both on server command and autonomously. Event correlation and alerting remain server-side.

Document Purpose

This guide explains how to install, configure, and run the AnyOne EDR Windows endpoint agent. It is written for the people who put the agent on endpoints:

  • end users following a one-time install link,
  • administrators rolling the agent out from the SOC dashboard,
  • and engineers deploying or troubleshooting it by hand.

Document Scope

This guide covers installation of the Windows endpoint agent only. It does not cover deploying or operating the backend components.

🚧 A unified operational handbook that also covers backend deployment is planned for a future version. It is not part of this document.