Question about malware sample distribute / sharing

I'm a pentester exploring malware dev and want to set up Elastic EDR locally for testing. For the life of me I can't find anything in the Elastic documents about detected samples getting shared for further analysis.

A friend from work / the red teaming field said there is, and I should just turn off the internet for local testing, but this will take away some of the capabilities. So my question is: does Elastic EDR have a sample sharing thing similar to Microsoft sample submission, and if yes, how or could I turn it off as a free trial user?

We are working to improve documentation on what is collected by default and the associated configuration options. I believe the applicable option here is [os].advanced.alerts.sample_collection. You can find it in the "advanced" section of the Elastic Defend policy configuration. This can be set to false to disable sample collection.
