Heuristic analysis in Kaspersky Endpoint Security 8 for Windows



Kaspersky Endpoint Security 8 for Windows (for file server)



2013 May 28 Article ID: 7409

What is heuristic analysis?

Heuristic analysis is a protection technology that detects threats that cannot be detected using antivirus databases.

Heuristic analysis can detect files infected by a new virus or by an unknown modification of a known virus. Objects detected by the heuristic analyzer are assigned the status of possibly infected objects.

Heuristic analysis is a proactive protection technology.

The heuristic analyzer is a module that operates based on heuristic analysis.

Static and Dynamic analysis

Static analysis scans the code for suspicious commands typical of malware.

For example, it is typical of malware to find and modify executable files.

The heuristic analyzer has a "suspect counter" that increases each time it detects a suspicious command or code block in a program. If the "suspect counter" of a program exceeds a certain limit, the program is assigned the suspicious status.
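
The suspect counter described above can be sketched as follows. This is an added illustration, not Kaspersky's implementation: the rule names, weights, the limit of 5 and the sample programs are all constructed assumptions.

```python
# Added illustration of a static "suspect counter"; not Kaspersky's implementation.
# Rule names, weights, the limit, and the sample programs are all constructed.
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    weight: int                          # how much the counter grows when the rule fires
    matches: Callable[[Set[str]], bool]  # predicate over the program's observed operations

# The second rule mirrors the page's example: finding and modifying executable files.
RULES: List[Rule] = [
    Rule("enumerates_files", 1, lambda ops: "FindFirstFile" in ops),
    Rule("finds_and_modifies_executables", 4,
         lambda ops: {"FindFirstFile", "WriteFile:*.exe"} <= ops),
    Rule("adds_autorun_entry", 2, lambda ops: "RegSetValue:Run" in ops),
    Rule("writes_into_other_process", 3, lambda ops: "WriteProcessMemory" in ops),
]

SUSPECT_LIMIT = 5  # assumed limit; a real product tunes this against false positives

def analyze(ops: Set[str], limit: int = SUSPECT_LIMIT) -> Tuple[str, int, List[str]]:
    """Return (status, counter, fired_rule_names) for one program."""
    counter, fired = 0, []
    for rule in RULES:
        if rule.matches(ops):
            counter += rule.weight
            fired.append(rule.name)
    # The status changes only when the counter exceeds the limit, not when it equals it.
    status = "suspicious" if counter > limit else "clean"
    return status, counter, fired

# Constructed samples: operation labels a static scan of the code might report.
BACKUP_TOOL = {"FindFirstFile", "ReadFile", "WriteFile:*.bak"}
INSTALLER = {"FindFirstFile", "WriteFile:*.exe"}
FILE_INFECTOR = {"FindFirstFile", "WriteFile:*.exe", "RegSetValue:Run"}

if __name__ == "__main__":
    for name, ops in [("backup_tool", BACKUP_TOOL), ("installer", INSTALLER),
                      ("file_infector", FILE_INFECTOR)]:
        print(name, analyze(ops))
```

The constructed installer sample reaches the limit without exceeding it, which shows why the choice of limit decides how many legitimate programs a static heuristic flags.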

Dynamic analysis launches the program in a special virtual environment. If the heuristic analyzer detects malicious activity, the program is identified as malware and blocked.

Kaspersky Endpoint Security 8 for Windows uses both static and dynamic analysis methods.

Dynamic analysis consumes more resources than static analysis.

The detection rate of dynamic analysis is higher than that of static analysis, and it produces far fewer false positives.

Components using the heuristic analyzer

The following Kaspersky Endpoint Security 8 for Windows components use the heuristic analyzer:

  • File Anti-Virus;
  • Mail Anti-Virus;
  • Web Anti-Virus;
  • IM Anti-Virus;
  • Application Privilege Control;
  • System Watcher;
  • Scan tasks.