
Endpoint Detection Response (EDR) by Kandji
Purpose-built Mac endpoint detection & response with automated threat quarantine and real-time behavioral intelligence.
Vendor: Kandji

Product details
Overview
Kandji Endpoint Detection & Response (EDR) is a Mac-native security add‑on integrated directly into the Kandji device management agent. It provides advanced threat detection—leveraging both signature and behavior-based methods—alongside automated quarantine and remediation. Designed exclusively for macOS, Kandji EDR delivers deep system visibility, malware and PUP classification, and tailored responses embedded seamlessly within the Kandji blueprint framework, all without additional software installation.
Features and Capabilities
- Unified macOS agent: EDR runs on Kandji’s existing macOS agent—no extra installs, low overhead.
- Metadata & pre‑execution detection: Scans file metadata and pre‑execution patterns to catch novel threats.
- Behavioral heuristic detection: Identifies suspicious behaviors like network calls, process spawning, USB access, and attempts to disable security tools.
- Automated quarantine & remediation: Quarantines malicious files, kills harmful processes, and updates threat status automatically.
- Allow/block lists: Supports customizable hash and path-based whitelists/blacklists.
- Threat visibility dashboard: Centralized Threats view lets admins filter by malware, PUPs, status, device, hash, user, and more.
- Device‑level traceability: Each endpoint logs detailed detection history—including hashes, process, user, and remediation events.
- Avert Blueprint integration: Activate via Kandji Blueprints—no need to separately deploy software.
- Security research-backed: Built and maintained by Kandji’s macOS threat research team; first to detect multiple new malware and macOS vulnerabilities.
- Attack simulation tool: Comes with a built-in attack simulator to test real-world detection capabilities.