Administrators could implement "System Lockdown" to allow only whitelisted applications to run, or use "Application and Device Control" to restrict access to USB drives and registry keys. Architecture and Management
A behavioral engine that monitored applications in real-time. It stopped zero-day threats by blocking suspicious file executions based on their behavior, rather than waiting for a signature update. symantec endpoint protection 12
Uses SONAR (behavioral analysis) to detect zero-day threats before signatures are available. symantec endpoint protection 12