HarfangLab EPP
Professional antivirus

A closer look at how our EPP’s antivirus works.

ativirus-hero-harfanglab

Antivirus functions integrated directly into the agent

HarfangLab incorporates the IKARUS antivirus engine, based on an antivirus database and various viral load assessment techniques that is the result of 40 years’ experience in virus and malware scanning.

It is 100% configured and managed from the HarfangLab dashboard, which remains the single point of entry, optimizing both operational management and resource consumption. 

Detection rules are supplied by IKARUS and are updated automatically and regularly. They’re then integrated and managed by HarfangLab which redistributes them to clients, keeping control over the integrated rules.

icon-40-grey-alert
Reduce alert fatigue
icon-40-grey-shield-virus
Centralize tools
icon-40-grey-shield-half
Automate threat blocking

The advantages of the antivirus included in HarfangLab’s EPP

The antivirus analyzes file signatures and characteristics (extension, header, etc.), regardless of the operating system (Windows, MacOS, Linux) to determine whether the file is a threat or legitimate.
Depending on the type of file, it is analyzed as soon as it is placed on the disk or at runtime.

The antivirus can then block or even quarantine these files if the signature corresponds to a known threat in its database.  More precisely, each file, regardless of its appearance (size, extension, etc.), is subject to a multi-stage process involving heuristics and behavioral analysis in addition to static and traditional signature-based analysis.

Analysis includes suspicious data elements, as well as signature and exploit detection, for immediate virus isolation and neutralization. Files are executed and, if necessary, monitored and analyzed in a closed virtual environment.
External devices and USB sticks can also be scanned.

EPP - Endpoint Protection Platform

All configuration (rule customization, whitelists, etc.) is carried out in the EDR, which reinforces EPP capabilities.

This means that day-to-day configuration and management of the EPP, and therefore the antivirus is simple and requires no specific training. 

As for IT resources, the more scans an antivirus performs, the more power it needs. So to optimize endpoint performance, you can easily limit scans to certain file types. 

 

A la carte scans

For files and devices scans, the antivirus can be launched automatically (e.g. when an external device is plugged in) in quick and/or full mode, scheduled, or carried out on request by end-users or EPP administrators.

antivirus-policies-configuration-harfanglab

EPP’s ability to automate the blocking of known threats means that analysts can limit their workload and prioritize the finer-grained exploration of data collected with an EDR.

By combining EDR and EPP, cybersecurity experts can also centralize all data and management of security solutions in a single location, enabling them to effectively monitor all IT activity. Juggling different tools and data silos becomes a thing of the past.

Endpoints protection
EPP - Endpoint Protection Platform
antivirus-policies-configuration-harfanglab
Endpoints protection

In short, the antivirus included in HarfangLab’s EPP enables:

  • Automatic blocking of known threats for all operating systems, reducing alert fatigue
  • Very few false positives
  • Detection capabilities even when offline and in closed environments
  • Rationalized tool management via a single console (threats detected by the antivirus appear in the Threats tab of the EDR for a centralized view)
  • Strong ROI for IT and security teams: less time spent on detection, more threats blocked.

Everything you need to know about our plans and their benefits

Find out more

firewall-hero-harfanglab

Enterprise firewall

Read more
1min
device-control-hero-harfanglab

Device Control

Read more
1min