
HarfangLab EPP: everything you need to know about our antivirus

The HarfangLab Guard package combines the detection capabilities of an EDR and EPP to empower analysts more than ever. Let's take a closer look at how this antivirus included in the EPP works.

An EDR + EPP bundle to make analysts’ lives easier

Supporting cybersecurity analysts in their work to protect information systems and remediate threats remains one of our top priorities. EPP’s ability to automate the blocking of known threats means that analysts can limit their workload and prioritize the finer-grained exploration of data collected with an EDR.   

By combining EDR and EPP, cybersecurity experts can also centralize all data and management of security solutions in a single location, enabling them to effectively monitor all IT activity. Juggling different tools and data silos becomes a thing of the past. 

And the good news gets better: cybersecurity analysts aren’t the only ones to benefit from an EDR + EPP bundle.

Attention information system managers and users

Combining EDR and EPP is also an advantage for teams in charge of configuring security solutions, since they can deploy the tools needed to protect endpoints in a single operation: EDR, antivirus, firewall, external device management (USB, Bluetooth, etc.). They can also operate them all from a single dashboard, reducing the risk of errors or incompatible configurations of different solutions deployed on the same endpoint.

For an IT department, an EDR + EPP package means a single sales cycle, a single installation and update cycle. That translates to fewer resources devoted to managing these tools. 

Finally, for end users of the information system, combining EDR and EPP enables them to better understand what is happening on their workstation, and to become key players in their organization’s security.
Although end users do not have access to EDR, the alerts generated by EPP enable them to see if a threat has been detected and to be aware of the risks.
 

Speaking of which, how does HarfangLab’s EPP detect and block threats via its antivirus? 

Antivirus functions integrated directly into the agent 

HarfangLab incorporates the IKARUS antivirus engine, which is based on an antivirus database and various viral load assessment techniques and is the result of 40 years’ experience in virus and malware scanning. It is 100% configured and managed from the HarfangLab dashboard, which remains the single point of entry, optimizing both operational management and resource consumption.

Detection rules are supplied by IKARUS and are updated automatically and regularly. They’re then integrated and managed by HarfangLab, which redistributes them to clients, keeping control over the integrated rules.

 

HarfangLab EPP and antivirus

 

Let’s get to the heart of the matter: the advantages of the antivirus included in HarfangLab’s EPP.
 

Files and behavior analysis to block malware 

The antivirus analyzes file signatures and characteristics (extension, header, etc.), regardless of the operating system (Windows, macOS, Linux), to determine whether the file is a threat or legitimate. Depending on the type of file, it is analyzed as soon as it is placed on the disk or at runtime.

The antivirus can then block or even quarantine these files if the signature corresponds to a known threat in its database.   

More precisely, each file, regardless of its appearance (size, extension, etc.), is subject to a multi-stage process involving heuristics and behavioral analysis in addition to static and traditional signature-based analysis.

Analysis includes suspicious data elements, as well as signature and exploit detection, for immediate virus isolation and neutralization. Files are executed and, if necessary, monitored and analyzed in a closed virtual environment.

Now that we’ve seen how threats are analyzed, let’s move on to antivirus configuration. 

Antivirus policies and configuration options 

All configuration (rule customization, whitelists, etc.) is carried out in the EDR, which reinforces EPP capabilities. This means that day-to-day configuration and management of the EPP, and therefore the antivirus, is simple and requires no specific training. 

As for IT resources, the more scans an antivirus performs, the more power it needs. So to optimize endpoint performance, you can easily limit scans to certain file types.  

 

In short, the antivirus included in HarfangLab’s EPP enables: 

  • Automatic blocking of known threats for all operating systems, reducing alert fatigue 
  • Very few false positives
  • Detection capabilities even when offline and in closed environments 
  • Rationalized tool management via a single console (threats detected by the antivirus appear in the Threats tab of the EDR for a centralized view) 
  • Strong ROI for your teams: less time spent on detection, more threats blocked 
