What is the heuristic analyzer

 

Kaspersky Anti-Virus 8.0 for Linux File Servers

 
 
 

What is the heuristic analyzer

Back to "General Info"
Latest update: May 07, 2014 ID: 4436
 
 
 
 

Applies to Kaspersky Anti-Virus 8.0 for Linux File Servers

When the number of viruses had reached several hundred, antivirus experts came with an idea of detecting new malicious programs unknown to antivirus software due to absence of corresponding antivirus databases. They developed a heuristic analyzer. Heuristic analyzer examines the code of executable files to detect new pieces of malware which bypass existing antivirus databases.  

In other words the heuristic analyzer has been developed to detect unknown viruses. When scanning a program the analyzer emulates its execution and logs all its “suspicious” actions, e.g. opening/closing files, intercepting interruptions, etc. On the basis of these logs, a program can be recognized as possibly infected.  

Thus, about 92% of new viruses are detected by the heuristic analyzer. This mechanism is very effective and rarely leads to false positives. Files that are suspected by the heuristic analyzer to be infected with a virus are called possibly infected or suspicious.

The heuristic analyzer is built into Kaspersky Anti-Virus 8.0 for Linux File Servers. The heuristic analyzer processes all files scanned using existing databases with negative result.
 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK