What is heuristic analysis?
Heuristic analysis is a protection technology that detects threats which cannot be detected using antivirus databases (signatures).
Heuristic analysis detects files infected by a new virus or by an unknown modification of a known virus. Objects detected by the heuristic analyzer are assigned the status of possibly infected objects.
Heuristic analysis is a proactive protection technology.
The heuristic analyzer is the module that performs heuristic analysis.
Static and dynamic analysis
Static analysis scans the code of a program, without running it, for suspicious commands typical of malware.
For example, it is typical of malware to find and modify executable files.
The heuristic analyzer keeps a "suspect counter" that increases each time it detects a suspicious command or code block in a program. If the "suspect counter" of a program exceeds a certain limit, the program is assigned the suspicious status.
Dynamic analysis launches the program in a special virtual environment. If the heuristic analyzer detects malicious activity, the program is identified as malware and blocked.
Kaspersky Endpoint Security 8 for Windows uses both the static and the dynamic analysis method.
The dynamic method consumes more resources than static analysis.
The detection rate of dynamic analysis is higher than that of static analysis, and it produces far fewer false positives.
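The following toy model illustrates the two methods and why their detection rates and false-positive rates differ. It is an added example written for this page, not Kaspersky code: the pseudo-instruction format, the operation names, the suspect limit and the sample "programs" and file system are all constructed assumptions. Static analysis only counts suspicious command names; dynamic analysis runs the program in a fake file system and judges what it actually did, so a program that reveals its write command only at run time is missed statically but caught dynamically, while an installer that merely creates a new executable is flagged statically but cleared dynamically.

```python
"""Toy static vs. dynamic heuristic analysis (added example, not Kaspersky code).

A "program" is a constructed list of (operation, argument) pseudo-instructions;
the operation names, the suspect limit and the sample programs are assumptions
made for illustration only.
"""
import base64
from typing import Dict, List, Tuple

Instruction = Tuple[str, str]
Program = List[Instruction]

# Static analysis: commands considered typical of malware (assumed set).
SUSPICIOUS_COMMANDS = {"find_files", "write_exe"}
SUSPECT_LIMIT = 1  # the counter must exceed this to get the "suspicious" status


def static_analysis(program: Program) -> Tuple[int, bool]:
    """Scan the code without running it; return (suspect_counter, suspicious)."""
    counter = 0
    for op, _arg in program:
        if op in SUSPICIOUS_COMMANDS:
            counter += 1  # one increment per suspicious command found
    return counter, counter > SUSPECT_LIMIT


class Sandbox:
    """Virtual environment with a fake file system; nothing touches the host."""

    def __init__(self, files: Dict[str, str]):
        self.files = dict(files)    # path -> content (constructed, copied per run)
        self.found: List[str] = []  # result of the last find_files
        self.log: List[str] = []    # observed behaviour

    def execute(self, op: str, arg: str) -> None:
        if op == "decode":
            # The real instruction only appears at run time, so static analysis
            # never sees its operation name.
            real_op, real_arg = base64.b64decode(arg).decode().split("|", 1)
            self.execute(real_op, real_arg)
        elif op == "find_files":
            self.found = [p for p in self.files if p.endswith(arg)]
        elif op == "read_file":
            self.log.append(f"read {arg}")
        elif op == "write_exe":
            targets = self.found if arg == "<found>" else [arg]
            for path in targets:
                if path in self.files:
                    self.log.append(f"modified existing executable {path}")
                else:
                    self.log.append(f"created new file {path}")
                self.files[path] = "patched"
        elif op == "print":
            self.log.append(f"print {arg}")
        else:
            raise ValueError(f"unknown operation {op}")

    def run(self, program: Program) -> List[str]:
        for op, arg in program:
            self.execute(op, arg)
        return self.log


def dynamic_analysis(program: Program, files: Dict[str, str]) -> Tuple[List[str], bool]:
    """Run the program in the sandbox; the verdict is based on observed behaviour."""
    log = Sandbox(files).run(program)
    malicious = any(e.startswith("modified existing executable") for e in log)
    return log, malicious


def hide(op: str, arg: str) -> str:
    """Encode an instruction so that its operation name is not visible in the code."""
    return base64.b64encode(f"{op}|{arg}".encode()).decode()


# Constructed sample file system and sample programs.
SAMPLE_FILES = {"C:/Windows/notepad.exe": "orig", "C:/docs/readme.txt": "hi"}

NOTE_READER: Program = [("find_files", ".txt"), ("read_file", "C:/docs/readme.txt"), ("print", "done")]
INSTALLER: Program = [("find_files", ".exe"), ("write_exe", "C:/Program Files/app/app.exe")]
OVERT_INFECTOR: Program = [("find_files", ".exe"), ("write_exe", "<found>")]
OBFUSCATED_INFECTOR: Program = [("find_files", ".exe"), ("decode", hide("write_exe", "<found>"))]


def compare(program: Program) -> Dict[str, bool]:
    """Verdict of each method for one program: True means flagged."""
    _counter, static_verdict = static_analysis(program)
    _log, dynamic_verdict = dynamic_analysis(program, SAMPLE_FILES)
    return {"static": static_verdict, "dynamic": dynamic_verdict}


if __name__ == "__main__":
    samples = [("note reader", NOTE_READER), ("installer", INSTALLER),
               ("overt infector", OVERT_INFECTOR), ("obfuscated infector", OBFUSCATED_INFECTOR)]
    for name, prog in samples:
        print(f"{name:20} {compare(prog)}")
```

Running the block prints one line per sample: the note reader is clean under both methods, the installer is a static false positive (it creates a file rather than modifying an existing executable), the overt infector is caught by both, and the obfuscated infector is missed by static analysis but caught dynamically. The cost side of the comparison is also visible in the code: the dynamic path has to build and drive a whole virtual environment per program, which is why it consumes more resources.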
Components using the heuristic analyzer
The following Kaspersky Endpoint Security 8 for Windows components use the heuristic analyzer:
- File Anti-Virus;
- Mail Anti-Virus;
- Web Anti-Virus;
- IM Anti-Virus;
- Application Privilege Control;
- System Watcher;
- Scan tasks.