Of the endpoint checks, which one is bypassed for known programs?

The endpoint check that is bypassed for known programs is local analysis. Local analysis involves scanning the program or file against predefined criteria to determine if it is potentially harmful or malicious. Known programs, which have been previously identified and trusted by the security system, are often exempt from these checks because they do not require the same level of scrutiny as unknown or untrusted applications. This approach streamlines the process and enhances performance by allowing trusted programs to run without unnecessary delays caused by analysis.

In contrast, the other checks, such as WildFire query, behavioral threat protection, and firewall analysis, continue to apply to known programs or are designed to complement the existing checks. They provide additional layers of security that ensure potentially harmful behaviors are monitored, regardless of the program’s prior trust status.