IT should always deploy endpoint protection for VDI, even in a hardened deployment that runs a strict and well-maintained application control whitelist.
Endpoint protection for VDI detects and blocks malicious behavior using signatures and looking for patterns. IT must test and make note of its effect on performance, because mileage will vary based on each product. The juice is worth the squeeze, however.
VMware wins this round with its own endpoint protection offering. VMware acquired Carbon Black in August 2019 and gained access to a huge threat intel network that Carbon Black was already collecting. Final pricing, packing and integration details are still to come.