Differences between the Bloodhound and Proactive Threat Protection technologies

Article ID: 177534

Updated On:

Products

Endpoint Protection

Issue/Introduction

You would like to know what the difference between Bloodhound and Proactive Threat Protection technologies is.

Resolution

Bloodhound protection and Proactive Threat Protection are different but complementary technologies.

Bloodhound is the name of our heuristics-based virus detection technology that is part of the AntiVirus engine.

Proactive Threat Protection (PTP) is a separate technology that is also heuristics-based, but operates differently than Bloodhound.

Bloodhound detections are made by the virus scan engine when a file on the filesystem is scanned by either AutoProtect or during a scheduled/manual scan. These detections are based on analyzing the contents of the file itself for malicious code.

Proactive Threat Protection monitors processes running in memory, rather than files on the filesystem. It analyzes the actions that a process takes while running and attempts to determine if the behavior of the process is suspicious. If suspicious behavior is detected, the SEP agent will log an event and may act on the process based on the policy set for such conditions.

In short, the technologies make up two different components that have a similar goal, which is to detect malicious programs using methods other than traditional virus signature-based detection. These technologies do this by utilizing heuristics-based functionality.
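
To make the contrast concrete, the following added example (not Symantec's code or detection logic) pairs a toy file-content scorer with a toy process-behavior scorer and shows one constructed sample caught only by the file scan and another caught only by behavior monitoring. The marker strings, event names, weights and threshold are all assumptions chosen for illustration.

```python
import math
from collections import Counter

# Everything below is constructed for illustration: the markers, event names,
# weights and threshold are assumptions, not Symantec's detection logic.
SUSPICIOUS_MARKERS = (b"DEMO_DECRYPT_STUB", b"DEMO_DISABLE_AV")
BEHAVIOR_WEIGHTS = {
    "open_document": 0,
    "write_autorun_key": 3,
    "inject_remote_thread": 4,
    "log_keystrokes": 4,
}
THRESHOLD = 5

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def static_file_score(data: bytes) -> int:
    """File-content heuristic: inspects only the bytes at rest on disk."""
    score = 3 if entropy(data) > 7.0 else 0  # packed or encrypted body
    score += sum(3 for marker in SUSPICIOUS_MARKERS if marker in data)
    return score

def behavior_score(events: list) -> int:
    """Behavioral heuristic: inspects only what a running process does."""
    return sum(BEHAVIOR_WEIGHTS.get(event, 0) for event in events)

def verdicts(file_bytes: bytes, events: list) -> dict:
    """Return each technology's independent verdict for one program."""
    return {
        "file_scan": static_file_score(file_bytes) >= THRESHOLD,
        "behavior": behavior_score(events) >= THRESHOLD,
    }

# Constructed sample 1: suspicious content on disk, never executed.
MARKED_FILE = b"MZ" + b"DEMO_DECRYPT_STUB" + b"DEMO_DISABLE_AV" + bytes(64)
# Constructed sample 2: unremarkable file content, suspicious once running.
PLAIN_FILE = b"MZ" + b"hello world " * 20
PLAIN_EVENTS = ["open_document", "write_autorun_key", "log_keystrokes"]

if __name__ == "__main__":
    print(verdicts(MARKED_FILE, []))            # file scan flags, behavior does not
    print(verdicts(PLAIN_FILE, PLAIN_EVENTS))   # behavior flags, file scan does not
```

Neither scorer alone flags both samples, which is the sense in which the two technologies complement each other.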