
The following table provides a comparison of features for Co-Exist and Exclusive in the Apex family.

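| Category | Feature | Module | SaaS: Co-Exist, Exclusive; On-Premise: Co-Exist, Exclusive |
|---|---|---|---|
| Prevention / Blocking | Web Reputation Service | Anti-Malware | |
| Prevention / Blocking | Anti-Malware | Anti-Malware | |
| Prevention / Blocking | Pre-Execution Machine Learning | Anti-Malware | |
| Prevention / Blocking | Behavior Monitoring | Anti-Malware | |
| Prevention / Blocking | Attack Discovery (IOA) | Endpoint Sensor | |
| Prevention / Blocking | Anti-Exploit | Anti-Malware | |
| Prevention / Blocking | Runtime Machine Learning | Anti-Malware | |
| Prevention / Blocking | Firewall | Anti-Malware | |
| Prevention / Blocking | Device Control | Anti-Malware | |
| Prevention / Blocking | Data Loss Prevention | Anti-Malware | |
| Prevention / Blocking | Application Control | Application Control | |
| Prevention / Blocking | VASO - IP, URL, DNS, File | Anti-Malware | 1, 1 |
| Prevention / Blocking | UDSO - SHA1 | Application Control | |
| Virtual Patch | Virtual Patch | Vulnerability Protection | |
| Sample Submission | Sample Submission | Anti-Malware | 2, 2 |
| Detection | Attack Discovery (IOC) | Endpoint Sensor | |
| Detection | Generate Root Cause Chain | Endpoint Sensor | |
| Response | Network Isolation (via Root Cause Chain) | Anti-Malware | |
| Response | Application Ban (via Root Cause Chain) | Application Control | |
| Response | Process Termination (via Root Cause Chain) | Endpoint Sensor | |
| Response | Add to UDSO - IP, DNS, SHA1 (via Root Cause Chain) | Root Cause Chain | |
| Response | Sweeping (IOC, YARA, STIX) | Endpoint Sensor | |

1 Only supports SO-URL

2 Only supports USB Autorun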

The following table provides a comparison of the EDR events between specific Apex One features that have been disabled and Apex One.

| Endpoint Sensor Captured Events | Apex One Disabled Advanced Protection Service; Apex One (On-Prem and SaaS): Co-Exist, Exclusive |
|---|---|
| File | 1 |
| Process | 1 |
| Registry | |
| Account | |
| IP/Port | |
| DNS | |
| Memory | |
| Injection | |
| Signature | |
| Internet | |
| AMSI | |

1 Endpoint Sensor can only record partial events