Next-Generation Endpoint Security FireEye Endpoint Security (HX)

What is FireEye Endpoint Security (HX)?

FireEye Endpoint Security (HX) is an endpoint security solution that combines antivirus (EPP), next-generation antivirus (NGAV), and EDR. For multiple protection of endpoints, the solution is equipped with a total of four engines: a conventional antivirus engine, a machine learning (AI) engine, a behavior detection engine, and an infringement activity data (IOC) engine. Since the agent program operates in kernel mode, it accurately determines malicious behavior and collects detailed activity logs.


◆Equipped with four different engines. Provide multi-directional detection and protection against attacks

  • Detects existing threats based on signatures (Malware Protection)
  • Uses machine learning to detect against unknown threats and advanced attacks (Malware Guard)
  • Uses behavior detection to detect exploits for applications and the web (Exploit Guard)
  • Uses FireEye Threat Intelligence for detection (RealTime Indicator)

◆Intuitive interface that is easy-to-understand and easy-to-use

The service will solve problems such as the following.

  • Want to constantly implement the latest security for endpoint in order to protect against threats
  • Want to introduce security that can handle unknown threats
  • Want to use security that is capable of response even if a file infected with malware is accessed

Main Functions

Malware protection: conventional antivirus

Real-time scan

  • Scan file at time of access
  • Scan network file (can be set as “enabled” or “disabled”)

Scheduled scan

  • Daily / Weekly / Monthly / When updating virus definition / When launching the system
  • Scan level: Full disk, Quick scan, Active memory

File isolation

  • Encrypted and isolated to endpoint for 90 days (setting can be changed from 1 day to 365 days)
  • Restore/delete
  • Download to Endpoint Security Server


  • Skip scanning for Windows OS files and duplicate files
  • Support for Windows early launch anti-malware driver (ELAM)

Malware Guard: Uses machine learning (AI) for measures against unknown malware

◆ Collect hundreds of millions of executable files (exe, dll, sys, etc.)

◆ Collect the latest unknown malware from FireEye products and services

◆ Extract over 2,000 static features to learn unique features

  • Degree of randomness for file bytes
  • File header
  • Address table, etc.

◆ Manually correct learning data

◆Encrypted transmission of learning data

◆ Concurrent use with AV of other companies is possible

◆ Supports a configuration that does not send user data outside the system (1Way)

Exploit Guard: Detects and blocks exploits used in the early stages of intrusion

Example of exploit methods that can be detected

  • Memory Corruption (BOF, ROP, etc.)
  • Heap spray
  • MS Office Macros
  • Embedded binary launch
  • Java sandbox bypass
  • Kernel exploit

Supported application

  • Browsers: IE, FireFox, Chrome
  • Browser plug-in
  • Adobe Acrobat、Flash
  • MS Office: Word、Excel、PowerPoint
  • Wordpad
  • Java Applet runner

Real-time indicator: Distribute IOC to all endpoints in order to detect/block attacks in real time

  • IOC is generated based on actual intrusion activity
  • The generated IOC is distributed to all endpoints
  • The incident can be declared as closed by isolating all endpoints that match the IOC