Heuristic analysis in Kaspersky Endpoint Security 10 for Windows

Latest update: October 09, 2019 ID: 12370

This article concerns Kaspersky Endpoint Security 10 for Windows:

  • Service Pack 2 Maintenance Release 4 (version 10.3.3.304)
  • Service Pack 2 Maintenance Release 3 (version 10.3.3.275)
  • Service Pack 2 Maintenance Release 2 (version 10.3.0.6294)
  • Service Pack 2 Maintenance Release 1 (version 10.3.0.6294)
  • Service Pack 2 (version 10.3.0.6294)

What is heuristic analysis

Heuristic analysis is a technology that detects threats which cannot be detected using current Kaspersky Lab anti-virus databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.

Heuristic Analyzer is a module that operates based on heuristic analysis. 

Static and Dynamic analysis

Static analysis scans the code for suspicious commands that are characteristic of malware. For example, malware will often find and modify executable files. The heuristic analyzer has a "suspect counter" that increases each time it detects a suspicious command or code block in a program. If a program's "suspect counter" exceeds a certain limit, the program is assigned the suspicious status.
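The "suspect counter" idea can be shown with a small scorer. This is an added illustration, not Kaspersky Lab code: the rule names, patterns, weights and the limit are all assumptions, and it matches strings in a byte buffer as a stand-in for inspecting commands in real code. The sample buffers are constructed for the example.

```python
"""Toy static heuristic scorer built around a "suspect counter"."""
from dataclasses import dataclass

# Hypothetical rules: description -> (byte pattern, weight).
# They model the page's example of finding and modifying executable files.
RULES = {
    "enumerates files": (b"FindFirstFile", 1),
    "targets executables": (b"*.exe", 2),
    "writes to files": (b"WriteFile", 1),
    "changes file attributes": (b"SetFileAttributes", 1),
}
SUSPECT_LIMIT = 3  # hypothetical limit; the real value is not published on the page


@dataclass
class Verdict:
    counter: int       # final value of the suspect counter
    hits: list         # which rules fired, for analyst review
    suspicious: bool   # True when the counter exceeds the limit


def _contains(data: bytes, needle: bytes) -> bool:
    # Windows binaries store strings as ASCII or UTF-16LE, so check both forms.
    wide = needle.decode("ascii").encode("utf-16-le")
    return needle in data or wide in data


def scan(data: bytes, limit: int = SUSPECT_LIMIT) -> Verdict:
    counter, hits = 0, []
    for name, (pattern, weight) in RULES.items():
        if _contains(data, pattern):
            counter += weight  # each suspicious trait raises the counter once
            hits.append(name)
    return Verdict(counter, hits, counter > limit)


# Constructed sample buffers (not real binaries).
BENIGN = b"\x00kernel32.dll\x00FindFirstFileA\x00WriteFile\x00backup.log\x00"
SUSPECT = (b"MZ\x90\x00" + "FindFirstFileW".encode("utf-16-le")
           + b"\x00*.exe\x00WriteFile\x00SetFileAttributesA\x00")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan(blob))
```

A single trait, such as writing files, is common in legitimate software; only the combination pushes the counter past the limit, which is why lowering the limit raises the false-positive rate.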

Dynamic analysis launches the program in a special virtual environment. If the heuristic analyzer detects malicious activity, the program is identified as malware and blocked.

Kaspersky Endpoint Security 10 for Windows uses both static and dynamic analysis methods. 

Components that use the heuristic analyzer

  • File Anti-Virus. For more information, see the Online Help page.
  • Mail Anti-Virus. For more information, see the Online Help page.
  • Web Anti-Virus. For more information, see the Online Help page.
  • Application Privilege Control. For more information, see the Online Help page.
  • Scan tasks. For more information, see the Online Help page.
 
 
 
 
 