What is EPP (Endpoint Protection Platform)?

An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

An endpoint protection platform typically uses the following methods:

  • Prevent File-Based Malware like normal Antivirus

  • Detect and block Malicious activities from trusted and untrusted applications

  • Provide the investigation and remediation capabilities to respond to security incidents and alerts

  • Integrate machine learning to give it the intelligence to perform behavioral analysis (what a normal program and malicious code would usually do)

What’s the difference between Antivirus and Endpoint Protection Platform?

Traditional antivirus uses a hash (signature) of a file that has been pre-determined to be malicious and stored in a database; it deletes the file and stops it from running.

It does have some intelligence, using heuristic analysis to analyze the source code (the code of the software) and compare its behavior to a database of known threats.

It is also able to check for programs corrupting operating system files, which is how machines are infected.

Due to polymorphism (a virus being able to mutate itself on demand every time it runs), normal antivirus cannot detect these constantly changing variants. This is why traditional antivirus products are being phased out and replaced by EPP or EDR solutions, which have intelligence behind them to detect these new, constantly evolving threats.
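The contrast described above, as an added example that is not part of the original article: a hash lookup misses a variant whose bytes have changed, while a check on what the program does still catches it. The byte strings, the event format and the file paths are constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for two variants of one
# program: same body, different filler bytes, as a self-mutating file would have.
VARIANT_1 = b"demo-program-body" + b"\x00" * 8
VARIANT_2 = b"demo-program-body" + b"\x41" * 8

# Signature database: only the first variant has been seen and catalogued.
SIGNATURE_DB = {hashlib.sha256(VARIANT_1).hexdigest()}


def signature_match(file_bytes):
    """Traditional antivirus check: exact hash lookup in the database."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB


# Constructed run-time telemetry (hypothetical event format). Both variants
# perform the same actions, so one list stands for either of them.
VARIANT_EVENTS = [
    {"action": "file_write", "path": r"C:\Windows\System32\example.dll"},
    {"action": "file_write", "path": r"C:\Windows\System32\example2.dll"},
]
EDITOR_EVENTS = [
    {"action": "file_read", "path": r"C:\Windows\System32\example.dll"},
    {"action": "file_write", "path": r"C:\Users\alice\Documents\notes.txt"},
]

OS_DIR = "c:\\windows\\"


def behavior_findings(events):
    """Behavioral check: list the operating system files a process wrote to."""
    return [e["path"] for e in events
            if e["action"] == "file_write" and e["path"].lower().startswith(OS_DIR)]


def verdict(file_bytes, events):
    """Apply the signature check first, then fall back to behavior."""
    if signature_match(file_bytes):
        return "blocked: known signature"
    if behavior_findings(events):
        return "blocked: modifies operating system files"
    return "allowed"


if __name__ == "__main__":
    print(verdict(VARIANT_1, VARIANT_EVENTS))
    print(verdict(VARIANT_2, VARIANT_EVENTS))
    print(verdict(b"editor", EDITOR_EVENTS))
```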

If you are a customer of ours, you probably have Webroot, which has EPP capabilities built in.