Which type of activity recorder does EDR provide?

Symantec Endpoint Detection and Response (EDR) provides anEndpoint activity recorderto monitor, log, and analyze behaviors on endpoints. This feature captures various endpoint activities such as process execution, file modifications, and network connections, which are essential for detecting and investigating potential security incidents.

Purpose of Endpoint Activity Recorder:

The endpoint activity recorder helps track specific actions and behaviors on endpoints, providing insights into potentially suspicious or malicious activity.

This data is valuable for incident response and for understanding how threats may have propagated across the network.

Why Other Options Are Not Suitable:

Virtual(Option A),Email(Option C), andTemporary(Option D) do not accurately represent the continuous and comprehensive nature of endpoint activity monitoring.

References: The endpoint activity recorder in EDR is a core feature for tracking and analyzing endpoint events for enhanced security​.