Guest: You want to know about the Heuristics
Webroot: Based on what you told me I understand that:
  • You want help with Endpoint & Mobile Protection
  • You want to use SecureAnywhere Endpoint Protection
  • You want to manage Policies
  • You want to know about the policy settings
  • You want to know about the Heuristics
Webroot: This solution addresses Webroot SecureAnywhere Business – Endpoint Protection

Heuristics settings enable you to adjust the level of threat analysis that Webroot SecureAnywhere performs when scanning managed endpoints. You can adjust heuristics for the local drive, USB drives, the Internet, the network, CD/DVDs, and when managed endpoints are offline.

Types of heuristics
  • Advanced Heuristics. Analyzes new programs for suspicious actions that are typical of malware.
  • Age Heuristics. Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span.
  • Popularity Heuristics. Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular.
     

You can adjust these types of heuristics for several areas: the local drive, USB drives, the Internet, the network, CD/DVDs, and when your computer is offline. For each of these areas, you can set the following options:

  • Disable Heuristics. Turns off heuristic analysis for the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Not recommended.
  • Apply advanced heuristics before Age/Popularity heuristics. Warns against new programs as well as old programs that exhibit suspicious behavior on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
  • Apply advanced heuristics after Age/Popularity heuristics. Warns against suspicious programs detected with Advanced Heuristics, based on Age/Popularity settings on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
  • Warn when new programs execute that are not known good. Warns when malicious, suspicious, or unknown programs try to execute on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. (This setting may result in false detections.)

     
Heuristics levels

Advanced Heuristics
  • Disabled. Turns off Advanced Heuristics, leaving it vulnerable to new threats. (However, it will still be protected against known threats.)
  • Low. Detects programs with a high level of malicious activity. This setting ignores some suspicious behavior and allows most programs to run.
  • Medium. Balances detection versus false alarms by using our tuned heuristics in the centralized community database.
  • High. Protects against a wide range of new threats. Use this setting if you think your system is infected or at very high risk. (This setting may result in false detections.)
  • Maximum. Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. (This setting may result in false detections.)

Age Heuristics
  • Disabled. Turns off Age Heuristics, leaving it vulnerable to new threats. (However, it will still be protected against known threats.)
  • Low. Detects programs that have been created or modified very recently.
  • Medium. Detects programs that are fairly new and not trusted, preventing zero-day or zero-hour attacks. We recommend using this setting if you do not allow unpopular programs to be installed on your managed endpoints and you want extra security to prevent mutating threats.
  • High. Detects programs that have been created or modified in a relatively short time and are not trusted. This setting is recommended only if new programs are rarely installed on your managed endpoints, and if you feel that your systems are relatively constant. This setting might generate a higher level of false detections on more obscure or unpopular programs.
  • Maximum. Detects all untrusted programs that have been created or modified fairly recently. Use this setting only if your managed endpoints are in a high-risk situation, or if you think that they are currently infected.

Popularity Heuristics
  • Low. Detects programs that are seen for the first time. This setting is recommended if new or beta programs are frequently installed on your managed endpoints, or if endpoint users are software developers who frequently create new programs.
  • Medium. Detects unpopular and mutating programs, preventing zero-day and zero-hour attacks. We recommend using this setting if you do not allow new programs to be installed frequently on your managed endpoints and you want extra security over standard settings.
  • High. Detects programs that a significant percentage of the community has seen. This setting is recommended if you do not allow new programs on your managed endpoints and you suspect that they are currently infected.
  • Maximum. Detects programs that a large percentage of the community has seen. We recommend this setting if you think your managed endpoints are at very high risk, and you accept that you might receive false detections because of the strict heuristic rules.


Webroot: Did I answer your question?