I will explain what PTP and NTP does.
Intrusion Prevention
Network threat protection blocks threats from accessing your computer by using rules and signatures. Proactive threat protection identifies and mitigates the threats based on the threats’ behavior. Antivirus and antispyware threat protection identifies and mitigates the threats that attempt to or have gained access to your computers by using the Symantec signatures. The Symantec Endpoint Protection client firewall provides a barrier between the computer and the outside network. The client firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet, detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic. The firewall also protects against network threats and malware that attempt to proliferate in your network, such as bots. All the information that enters or leaves the client computer must pass through the client firewall, which examines the information packets. The client firewall blocks packets that do not meet the specified security criteria.
Proactive threat scanning provides an additional level of protection to a computer that complements existing AntiVirus, AntiSpyware, Intrusion Prevention, and Firewall protection technologies. AntiVirus and AntiSpyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. The Heuristic process scan analyzes the behavior of an application or a process. The scan determines if the process exhibits the characteristics of a threat, such as Trojan horses, worms, or key loggers. The processes typically exhibit a type of behavior that a threat can exploit, such as opening a port on a user's computer. This type of protection is sometimes referred to as protection from "Zero-day attacks":
"Zero-day attack vulnerabilities" are new vulnerabilities that are not yet publicly known. Threats exploiting these vulnerabilities can evade signature based detection such as AntiSpyware and AntiSpyware definitions.
"Zero-day" attacks may be used in targeted attacks and in the propagation of malicious code.
About Proactive Threat Protection:
The intrusion prevention system (IPS) is the client's second layer of defense after the firewall. The intrusion prevention system is a network-based system that operates on every computer on which the client is installed and the IPS system is enabled. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.
The client contains smart attack signatures that are less likely to allow an intrusion attack. The client also contains a stateful engine that tracks all the incoming and the outgoing traffic. The client includes the intrusion prevention engine and a corresponding set of attack signatures by default.
What is Network Threat Protection?