Endpoint AV and gateway security are complementary technologies: they are two layers of defense, not substitutes for each other.
As an example:
You need an endpoint AV because it's easy to hide traffic from a network gateway. For example, if a virus uses a password-protected ZIP file (or encryption), or even HTTPS, to download its payload, a gateway cannot detect that threat, but an endpoint AV can easily see the infected file as it's being unpacked.
Conversely, an endpoint AV is potentially weak because a virus running on the endpoint can attempt to disable it. Because such a virus does not compromise your MX, it cannot disable protection on the MX.
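
The password-protected ZIP case above, seen from the gateway's side, as an added example that is not part of the original text: a scanner can unpack and check an ordinary entry, but for an entry flagged as encrypted it can only report that it could not look inside. The signature, file name and function names are constructed for illustration, and the sample archive only has its "encrypted" flag set, because Python's zipfile module cannot write encrypted entries.

```python
import io
import zipfile

SIGNATURE = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for an AV signature
ENCRYPTED_FLAG = 0x01                   # bit 0 of the ZIP general-purpose flags


def build_zip(payload: bytes, mark_encrypted: bool = False) -> bytes:
    """Build a one-entry ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", payload)
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        # Assumption for the demo: only the flag is set, the data is not
        # really encrypted. A gateway without the password sees the same thing.
        data[6] |= ENCRYPTED_FLAG                        # local header at offset 0
        cd_offset = int.from_bytes(data[-6:-2], "little")  # from end-of-central-dir
        data[cd_offset + 8] |= ENCRYPTED_FLAG            # central directory record
    return bytes(data)


def gateway_scan(archive: bytes) -> dict:
    """Per-entry verdict: 'match', 'clean', or 'uninspectable'."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                # No password, so the content cannot be unpacked or scanned.
                verdicts[info.filename] = "uninspectable"
            elif SIGNATURE in zf.read(info):
                verdicts[info.filename] = "match"
            else:
                verdicts[info.filename] = "clean"
    return verdicts


if __name__ == "__main__":
    print(gateway_scan(build_zip(b"ordinary content")))
    print(gateway_scan(build_zip(SIGNATURE + b" plus padding")))
    print(gateway_scan(build_zip(SIGNATURE, mark_encrypted=True)))
```

An "uninspectable" verdict marks the point where the endpoint AV is the layer that still sees the file once it is unpacked.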