79420867

Date: 2025-02-07 12:24:40
Score: 1

I can't legally suggest a way for you to bypass EDR, but as for the “rundll32.exe C:\windows\System32\comsvcs.dll” command that you have run here, it can be said that there is no EDR left on the market that will not catch it. Also, opening a file, writing into it and saving the file is not ignored by an EDR either; you need to do this through a process that is already doing this, so that the EDR will ignore a process that is in exclusion. In short, when trying an EDR bypass, you need to fully understand the working logic first. I can leave you a few links for this:

https://www.vaadata.com/blog/antivirus-and-edr-bypass-techniques/

https://medium.com/@ankitsinha81195_47457/a-deep-dive-into-edr-bypass-strategies-ed25b3929bb1

https://github.com/tkmru/awesome-edr-bypass

Reasons:
  • Blacklisted phrase (0.5): medium.com
  • Long answer (-0.5):
  • No code block (0.5):
  • Low reputation (0.5):
Posted by: slckKadeR