Introduction to Antimalware

Qualys Multi-Vector EDR now includes integrated antimalware detection capabilities, providing additional real-time protection against the latest threats. The new release expedites the inevitable convergence of Malware Protection Products with Endpoint Detection & Response (EDR) to deliver comprehensive protection against known and unknown threats.

Easily enabled on any endpoint where the Qualys Cloud Agent is installed, the new release of Qualys Multi-Vector EDR can be fully managed remotely on any endpoint with internet connectivity. No need for a VPN or any other network change. Once deployed, the new anti-malware component protects you against all kinds of malware (such as viruses, spyware and trojans, ransomware), network attacks, and phishing. Details of actions taken and information about program operation are available in the Qualys cloud-based console.

Key Capabilities

- On-access protection: prevents new malware threats from entering the system by scanning local and network files when they are accessed (opened, moved, copied or executed), boot sectors, and potentially unwanted applications (PUA).

- On-demand scanning: scans the file system and memory for malware and other threats and takes remediation actions

- Advanced Protections: Continuously monitors applications running on the endpoint for malware-like actions and automatically disinfects the detected file. In addition, Qualys Malware Protection can expose advanced attacks and suspicious activities in the pre-execution stage. This layer of security contains machine learning models and stealth attack detection technology

- Behavioral-based protection: operating on a zero-trust assumption, Qualys Malware Protection can monitor active applications and processes for any signs of malicious behavior. It relies on actual behavior characteristics instead of signatures or binary or code fingerprints. This allows Qualys Malware Protection to consistently detect new ransomware variants, other zero-day threats, and file-less attacks

- Network and Traffic Protection: prevents malware from being downloaded to the endpoint by scanning incoming emails and web traffic in real-time. In addition, protect against attack techniques used to gain access to specific endpoints, such as brute-force attacks, network exploits, and password stealers.

- Phishing Protection:  Automatically block known phishing web pages to prevent users from inadvertently disclosing private or confidential information to online fraudsters.

Malware detection events can be viewed and analyzed from the Qualys Cloud Console, allowing customers to enrich malicious events with contextual events collected by Qualys EDR.