Anti-virus, signature vs heuristic analysis
I was looking through my Kaspersky AV settings today and I noticed there was a setting to turn on heuristic analysis and adjust the scanning from light, med, and heavy. Is there a reason the default is all the way off? I turned it on and set it to light and I didn't notice much of a difference. Or is it better to just keep it looking for signatures?
I remember something about false positives when messing with heuristics, is there a source that you can check up if you run into one of these? Because whenever I would look up some info about something I catch in Kaspersky's database it just seems to tell me what it believes it is.
Comments
ElvisG Member Posts: 167
I was looking through my Kaspersky AV settings today and I noticed there was a setting to turn on heuristic analysis and adjust the scanning from light, med, and heavy. Is there a reason the default is all the way off? I turned it on and set it to light and I didn't notice much of a difference. Or is it better to just keep it looking for signatures?
I remember something about false positives when messing with heuristics, is there a source that you can check up if you run into one of these? Because whenever I would look up some info about something I catch in Kaspersky's database it just seems to tell me what it believes it is.
Heuristic analysis is when the AV "guesses" instead of using signatures on what is considered a virus so you will get a higher percentage of false positives.
Heuristic analysis - Wikipedia, the free encyclopedia
I would leave it on signature based unless there was a specific reason to change it.
cnfuzzd Member Posts: 208
Heuristic analysis is when the AV "guesses" instead of using signatures on what is considered a virus so you will get a higher percentage of false positives.
Heuristic analysis - Wikipedia, the free encyclopedia
I would leave it on signature based unless there was a specific reason to change it.
The specific reason for changing is that viruses are bad.
Turn it to high. If you look at the tests that Kaspersky submits its product to, they always request that the reviewers configure this setting for a high level of detection.
False positives are bad, missed viruses are worse. imo.
john
__________________________________________
Work In Progress: BSCI, Sharepoint
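The trade-off argued in the two replies above, as an added example that is not part of any post in this thread and not Kaspersky's code: a hash-based signature check next to a trait-scoring heuristic with three sensitivity levels. The trait weights, thresholds and sample byte strings are all constructed assumptions; the light/medium/heavy mapping is a simplified model of the setting, not how the product implements it.

```python
import hashlib
import math
from collections import Counter

# Hypothetical trait weights and level thresholds, invented for this example.
TRAITS = {b"WriteProcessMemory": 3, b"CreateRemoteThread": 3,
          b"CurrentVersion\\Run": 2, b"URLDownloadToFile": 2}
THRESHOLDS = {"light": 8, "medium": 5, "heavy": 3}  # deeper level = less evidence needed

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_score(data: bytes) -> int:
    """Add up weights of suspicious traits; no prior knowledge of the file needed."""
    score = sum(w for trait, w in TRAITS.items() if trait in data)
    if entropy(data) > 7.0:
        score += 3
    return score

def scan(data: bytes, signatures: set, level=None) -> str:
    """Return 'signature', 'heuristic' or 'clean'. level=None means heuristics off."""
    if hashlib.sha256(data).hexdigest() in signatures:
        return "signature"
    if level is not None and heuristic_score(data) >= THRESHOLDS[level]:
        return "heuristic"
    return "clean"

# Constructed, harmless byte strings standing in for files.
KNOWN_BAD = b"WriteProcessMemory CreateRemoteThread CurrentVersion\\Run build-1"
VARIANT = KNOWN_BAD.replace(b"build-1", b"build-2")   # same traits, new hash
UPDATER = b"URLDownloadToFile CurrentVersion\\Run benign auto-updater"
PACKED = bytes(range(256)) * 4                        # benign but high-entropy
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def demo() -> dict:
    """Verdicts per sample with heuristics off, then light, medium, heavy."""
    samples = {"known_bad": KNOWN_BAD, "variant": VARIANT,
               "updater": UPDATER, "packed": PACKED}
    return {name: [scan(d, SIGNATURES, lvl) for lvl in (None, "light", "medium", "heavy")]
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:10} off/light/medium/heavy -> {verdicts}")
```

With heuristics off, the one-byte variant passes as clean because its hash is not in the signature set; at the heavy level the benign updater and the high-entropy file are flagged as well, which is the false-positive cost discussed in the thread.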
Talic Member Posts: 423
I forgot to mention that it was under files and memory protection.
As for the Wiki link, I was looking for that page but I kept on running into the regular heuristic page rather than the one for viruses. That's very cool about operating in a mini vm.
Wouldn't running on high start to degrade performance too much if it was scanning active memory? I was looking around the settings and found heuristic scanning for web traffic, the default is medium heuristic, wouldn't this be good enough rather than turning on memory heuristic? Since wiki says the success rate isn't high then, high shouldn't be needed in memory. Also, how does scanning http traffic affect programs such as Left 4 Dead?
I believe the web scanning caught something a couple days ago, I was looking for some music and I remember it catching something after I went on a web page after googling.
I'm still surprised at how much Kaspersky really shows you under the settings, some other anti-virus/security suites usually don't show this much stuff. Do they use all these types of scanners and just not let you adjust the heuristic levels?
tiersten Member Posts: 4,505
The specific reason for changing is that viruses are bad.
Turn it to high. If you look at the tests that Kaspersky submits its product to, they always request that the reviewers configure this setting for a high level of detection.
False positives are bad, missed viruses are worse. imo.
tiersten Member Posts: 4,505
I'm still surprised at how much Kaspersky really shows you under the settings, some other anti-virus/security suites usually don't show this much stuff. Do they use all these types of scanners and just not let you adjust the heuristic levels?