When I started in anti-virus back in 1991, the solution was simple: find a unique identifier to detect the malware, then you could block it and if needed instigate the right programmatic steps to recover. Alan Solomon would say it's a math problem, we have the solution, and we can scale it infinitely. However, over the years threats, the solutions and the environments we deploy them into have become ever more complex. We have moved from file viruses that were one simple object to complex multifaceted ransomware attacks made up of hundreds of elements. Just as an example if you look at the latest MITRE testing, it used Turla which is made up of 143 objects (Indicators & behaviors linked to the attack).
Article Link: NOT all EPP Security is the Same - Changing the Guard!