Positive Technologies Updates MaxPatrol Endpoint Security to Strengthen Endpoint Protection
Positive Technologies has released an updated version of MaxPatrol Endpoint Security, its endpoint protection platform for workstations, servers, remote endpoints, and virtual desktops. The latest release focuses on defending against ransomware and wiper malware by automatically restoring data after encryption or file deletion attempts. It also introduces application and device control, while improving the antivirus engine by reducing signature database size by 8% and increasing threat detection speed by nearly 25% in some scenarios.
The release is significant for Russia's corporate sector as a whole. Endpoint devices remain one of the primary entry points for cyberattacks. According to Positive Technologies, more than 50% of cybersecurity incidents originate on employee workstations, while 32% of Russian companies planned to deploy endpoint protection solutions as early as 2025.
The updated platform is expected to improve the cyber resilience of organizations that store citizens' personal data and financial information, strengthen Russia's domestic cybersecurity ecosystem, and reduce the risk of operational disruptions across manufacturing, government, telecommunications, and other sectors. It also highlights the continued evolution of Russian endpoint security technologies at a time when AI-assisted attacks, ransomware, and destructive malware are becoming more prevalent worldwide.
Rapid Anomaly Detection
Positive Technologies' solution could also attract interest in countries experiencing rapid digitalization and growing demand for corporate infrastructure protection. Priority markets include BRICS countries, the Middle East, North Africa, and Southeast Asia.
Within Russia, growth prospects are tied to the expanding endpoint protection market. The company estimates that endpoint security accounts for roughly 15% of the country's cybersecurity market, representing about 35 billion rubles (approximately $450 million).
Future development is expected to center on integrating endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities with antivirus protection, device control, behavioral analytics, and rapid recovery after attacks. Another factor likely to accelerate demand is the growing use of artificial intelligence by cybercriminals. That trend requires security platforms not only to block known threats but also to identify anomalous activity quickly and restore affected infrastructure.
Growing Relevance in the Global Threat Landscape
In February 2025, Positive Technologies announced its entry into the antivirus market after acquiring rights to technologies developed by Belarusian company VIRUSBLOKADA. The company said those technologies would be integrated into MaxPatrol EDR, PT ISIM, PT Sandbox, and PT NGFW, forming the foundation of its endpoint protection portfolio.
At Positive Hack Days in May 2025, the company introduced an early version of its antivirus technology for MaxPatrol EDR and outlined its strategy to strengthen its position in the endpoint protection market. In December of the same year, it began commercial sales of the antivirus as part of MaxPatrol EPP.
Late in 2025, Positive Technologies released MaxPatrol EDR 9.0. The update introduced standalone deployment, a dedicated security event database, expanded digital forensics capabilities, and a six-month free evaluation of MaxPatrol EPP. Together, these changes marked a shift from a standalone EDR product toward a comprehensive endpoint protection platform.
Other Russian vendors are moving in a similar direction. The domestic EDR segment includes offerings from BI.ZONE, F6, and others. F6 Endpoint Detection and Response supports both cloud-based and on-premises deployment, telemetry collection, isolation of compromised hosts, and operation across Windows as well as Russian operating system distributions.
Positive Technologies' latest release comes as endpoint threats continue to evolve. In 2026, Kaspersky reported an increase in the use of so-called "EDR killers" – tools designed to disable endpoint protection before deploying malware. That trend underscores the importance of security platforms capable of defending not only against ransomware itself but also against attempts to bypass endpoint security controls.
Demand for Integrated Security Platforms Continues to Grow
The latest update to MaxPatrol Endpoint Security reflects the continued evolution of an important class of software designed to protect enterprise endpoints. Its emphasis on ransomware and wiper malware is particularly significant because those threats can halt business operations or destroy critical infrastructure.
For the market, the release represents another step toward full-featured Russian alternatives to foreign endpoint security platforms while expanding Positive Technologies' presence in the broader market for workstation and server protection.
Analysts expect demand for integrated security platforms combining antivirus protection, device control, and behavioral analytics to continue growing, particularly among organizations with distributed infrastructure and large volumes of personal data.
