|
You are visiting our Support Website and we thank you in advance for your participation in this poll and your feedbacks.
Please vote honestly, we will analyze the results and will do our best to improve our service as soon as possible.
|
|
|
|
 |
Kaspersky Anti-Virus 5.7 for Linux File Servers/Workstations |
|
|
| |
|
What is a heuristic analyzer?
|
|
ID Article: 458
|
Other languages:
   
|  241 |
 2009 Jun 02 18:15 |
 Printable version |
When the number of viruses has exceeded hundreds, the antivirus experts thought about the idea how to detect malicious programs that are unknown to the antivirus programs as there are no corresponding antivirus databases. To rectify the problem a heuristic analyzer has been developed. The heuristic analyzer analyzes the code of the executable files to detect in them new kinds of Malware that is usually not detected by the antivirus databases.
In other words – the heuristic analyzer has been developed to search for unknown viruses. When scanning a program the analyzer emulates its execution and makes protocols of its all “suspicious” actions, e.g. opening or closing a file, intercepting the vectors of interruption, etc. On the account of the protocol the program can be stated as possibly infected.
Thus, about 92% of new viruses are detected by the heuristic analyzer. This mechanism is very effective and rarely leads to false positives. Files that are suspected by the heuristic analyzer to be infected by a virus are called possibly infected or suspicious.
The heuristic analyzer is a part of all antivirus products of Kaspersky Lab. If no known Malware has been detected in a file during the antivirus databases scan, the file is scanned by the heuristic analyzer then.
|
|
|
|
Knowledge base
Product Info
System requirements
