Hacker News
by GordonS 696 days ago
For one thing, being difficult to kill is a huge selling point for EDR - move it to user space and it's a lot easier to kill.

A kernel-space watchdog (that checks integrity of the image) would be much easier than a filter that updates from the internet.

Sure, the whole thing is definitely a hard problem, but CS fucking up even the most basic QA **and** error handling ... it just shows how ridiculous their whole claim to having super fancy technology is.

Agreed, but focusing on their QA practices is sort of like criticizing your burglar for not wiping their feet at the window.