Endpoint Detection and Response (EDR) is an emerging protection technology.  It defines a category of tools and solutions that focus on detecting and investigating suspicious activities and issues on hosts and endpoints.  Advanced Persistent Threats and designer malware toolkits are intentionally bypassing traditional signature-based antivirus solutions.  Adding EDR  capabilities strengthens Symantec's threat protection stack on the endpoint, by offering greater visibility into endpoint data and mitigating and disrupting advanced threats.  This technology is leveraged by pairing Symantec Advanced Threat Protection (ATP) product with the Symantec Endpoint Protection 14 RU1 client or newer.  Symantec will update the EDR engine as needed via LiveUpdate.

• Symantec Endpoint Protection 14 RU1 and newer clients

Here is the list of the binaries that will be updated during EDR engine updates via LiveUpdate:

• EDRJob.dll
• EdrSpoc.dll
• EDRStore.dll
• Enroll.dll
• Handler.dll
• Listener.dll
• Loader.dll
• SticExt.dll