Endgame employs a local ML engine. Therefore it doesn't have to go to the cloud for additional scanning: On the other hand, WD's initial ML scan is done by its cloud servers. In the Bad Rabbit incident, both initially detected at the ML scan stage. The difference is that Endgame's ML engine appears to be more "sensitive;" enough to classify it positively as malware at this detection stage. Bottom line - it doesn't matter in the least if AI scanning is deployed but the algorithms employed aren't adequate. Also, the solution is not as Microsoft's recommended; lowering the sensitivity threshold thereby dramatically increasing false positive incidents. The solution is to improve WD's ML algorithms.