Gartner defines an endpoint protection platform (EPP) as security software designed to protect managed endpoints — including desktop PCs, laptop PCs, virtual desktops, mobile devices and, in some cases, servers — against known and unknown malicious attacks. EPPs provide capabilities for security teams to investigate and remediate incidents that evade prevention controls. EPP products are delivered as software agents, deployed to endpoints, and connected to centralized security analytics and management consoles.

EPPs provide a defensive security control to protect end-user endpoints against known and unknown malware infections and file-less attacks using a combination of security techniques (such as static and behavioral analysis) and attack surface reduction capabilities (such as device control, host firewall management and application control). EPP prevention and protection capabilities are deployed as a part of a defense-in-depth strategy to help reduce the endpoint attack surface and minimize the risk of compromise. EPP detection and response capabilities are used to uncover, investigate and respond to endpoint threats that evade security protection, often as a part of broader threat detection, investigation and response (TDIR) capable products.

Antivirus utilities distinguish themselves by going beyond the basics of on-demand scanning and real-time malware protection. Some rate URLs you visit or appear in search results using a red-yellow-green color-coding system. Some actively block processes on your system from connecting with known malware-hosting URLs or fraudulent (phishing) pages.

All software has flaws, and sometimes these flaws can compromise your security. Prudent users keep Windows and all programs up to date, patching those flaws as soon as possible. The vulnerability scan offered by some antivirus apps can verify that all necessary patches are present and even apply any that are missing.

Spyware comes in many forms, from hidden programs that log every keystroke to Trojans masquerading as legitimate programs while secretly mining your data. Any antivirus should handle spyware, along with all other types of malware; however, some include specialized components dedicated to spyware protection.

You expect an antivirus to identify and eliminate malicious programs, while leaving legitimate programs alone. What about unknowns, programs your AV can't identify as good or bad? Behavior-based detection can, in theory, protect you against malware, so new researchers have never encountered it. However, this isn't always an unmixed blessing. It's not uncommon for behavioral detection systems to flag many innocuous behaviors performed by legitimate programs.

Allowlisting is another approach to the problem of unknown programs. This type of security system only allows known good programs to run; unknowns are banned. This mode may not be suitable for all situations, but it can be useful in certain cases. Sandboxing allows unknown programs to run, but it isolates them from full access to your system, preventing them from causing permanent harm. These various added layers serve to enhance your protection against malware.

Firewalls and spam filtering aren't common antivirus features, but some of our top picks include them as bonuses. Some of these antivirus programs are even more feature-packed than certain security suites.

Among the other bonus features are secure browsers for financial transactions, secure deletion of sensitive files, wiping traces of computer and browsing history, credit monitoring, virtual keyboards to foil keyloggers, cross-platform protection, and more. Of course, we've already mentioned sandboxing, vulnerability scanning, and application allowlisting.

We're seeing more and more antivirus apps adding modules specifically designed for ransomware protection. Some work by preventing unauthorized changes to protected files. Others keep watch for suspicious behaviors that suggest malware. Some even aim to reverse the damage. Given the growth of this scourge, any added protection is beneficial.