Guest: You want to know about the Heuristics
Webroot: This solution addresses Webroot SecureAnywhere Business – Endpoint Protection.

Heuristics

With heuristics, you can set the level of threat analysis that SecureAnywhere performs when scanning managed endpoints. SecureAnywhere includes three types of heuristics: advanced, age, and popularity.

You can adjust these types of heuristics for several areas:
  • Local Heuristics — Local drive
  • USB Heuristics — USB drives
  • Internet Heuristics — Internet
  • Network Heuristics — Network
  • CD/DVD Heuristics — CD/DVDs
  • Offline Heuristics — When your computer is offline

For each of these areas, you can set the following options:
  • Disable Heuristics — Turns off heuristic analysis for the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Not recommended.
  • Apply advanced heuristics before Age/Popularity heuristics — Warns against new programs as well as old programs that exhibit suspicious behavior on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
  • Apply advanced heuristics after Age/Popularity heuristics — Warns against suspicious programs detected with Advanced Heuristics, based on Age/Popularity settings on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
  • Warn when new programs execute that are not known good — Warns when malicious, suspicious, or unknown programs try to execute on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Keep in mind that this setting may result in false detections.
 
Setting: Description
Advanced Heuristics: Analyzes new programs for suspicious actions that are typical of malware.
  • Disabled — Turns off Advanced Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
  • Low — Detects programs with a high level of malicious activity. This setting ignores some suspicious behavior and allows most programs to run.
  • Medium — Balances detection versus false alarms by using our tuned heuristics in the centralized community database.
  • High — Protects against a wide range of new threats. Use this setting if you think your system is infected or at very high risk. This setting may result in false detections.
  • Maximum — Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. This setting may result in false detections.
This setting applies only to PC endpoints.
Age Heuristics: Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span.
  • Disabled — Turns off Age Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
  • Low — Detects programs that have been created or modified very recently.
  • Medium — Detects programs that are fairly new and not trusted, preventing zero-day or zero-hour attacks. We recommend using this setting if you do not allow unpopular programs to be installed on your managed endpoints and you want extra security to prevent mutating threats.
  • High — Detects programs that have been created or modified in a relatively short time and are not trusted. This setting is recommended only if new programs are rarely installed on your managed endpoints, and if you feel that your systems are relatively constant. This setting might generate a higher level of false detections on more obscure or unpopular programs.
  • Maximum — Detects all untrusted programs that have been created or modified fairly recently. Use this setting only if your managed endpoints are in a high-risk situation, or if you think that they are currently infected.
This setting applies only to PC endpoints.
Popularity Heuristics: Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular.
  • Low — Detects programs that are seen for the first time. This setting is recommended if new or beta programs are frequently installed on your managed endpoints, or if endpoint users are software developers who frequently create new programs.
  • Medium — Detects unpopular and mutating programs, preventing zero-day and zero-hour attacks. We recommend using this setting if you do not allow new programs to be installed frequently on your managed endpoints and you want extra security over standard settings.
  • High — Detects programs that a significant percentage of the community has seen. This setting is recommended if you do not allow new programs on your managed endpoints and you suspect that they are currently infected.
  • Maximum — Detects programs that a large percentage of the community has seen. We recommend this setting if you think your managed endpoints are at very high risk, and you accept that you might receive false detections because of the strict heuristic rules.
Webroot: Did I answer your question?