08-05-2010 04:02 AM
Can you materialize a difference between the aggressive and default heuristic? I mean for instance something like this ... having enabled the aggressive level means that at 1000 files it makes 10 files more being flagged as malicious. And how many of them are false positives? Does Symantec have such statistics available? Just curious because I am pondering to switch to the aggressive level. What do you suggest me?
Thx & regards,
08-05-2010 07:14 AM
Welcome to the Norton Community. Is there a particular reason why you are considering the use of Aggressive mode? Have you been hit with malware in the past while using the default heuristics?
I don't recommend going to Aggressive mode because it will increase the risk of false positives. Here is what NIS Help says about aggressive mode.
SONAR detects high-certainty threats and even the low-certainty threats with few suspicious characteristics.
SONAR removes all the high-certainty threats and notifies you about all low-certainty threats.
This setting is highly sensitive and might cause the legitimate files to be identified as threats. It is recommended for advanced users only.
I'll look around for studies on this after I get home from work this evening but unless you have a particular reason I would not recommend changing this to aggressive.
Hope this helps.
08-05-2010 09:03 AM
We have seen some difficulties with the aggressive mode triggering action against some of the recovery partition files in some laptops. If this could be a problem that applies to your machine, I would not recommend using aggressive mode.
08-05-2010 11:09 AM
Good catch on that bjm. It is certainly a possibility. I didn't read that thread as I was not familiar with the file in question or I might have twigged.
08-05-2010 11:17 PM
Foremost thanks for your hints.
There is no particular reason on my side in question of using the aggressive mode. I never been hit by a malware as I have quite safe surfing habits. I was just curious what's the difference between them. If I had known the negative impact is minimal (FPs etc.) I would give it a try. Therefore I was hoping to have a standpoint and/or figures from Symantec folks coming directly from their laboratories. Moreover I recall but I don't know where I caught it that the aggressive mode increases efficiency of heuristic about cca 25% (in default mode it is 70%) it means to nearly 95%.
BTW, I wasn't talking about elevating of SONAR. I know that it would be very dangerous as detected threats mean the files are deleted instantly. I rather meant heuristic setting only (under Computer settings).
It would be a real pain. Having plagued the recovery partition is not sort of a result I am looking for, indeed :-)
All in all, your comments lead me to leave the heuristic in default. I have tweaked my NIS2010 a bit already. I have enabled the verification of MS files, removing cookies automatically and early loading. Do you think another tweaking might be useful?
Nevertheless I would be very grateful for Symantec laboratory figures as I have asked in my topic post.
Don't hesitate to elaborate the topic more.
08-06-2010 02:55 AM - edited 08-06-2010 02:57 AM
I run with aggressive switched on and have safe surfing habits,As I don't stray off my usual one or two sites that I go to and I don't hear boo from it!
You can always try it and see what happens and turn it off if you don't like it... I don't see any harm in learning about the different aspects of NIS2010...some things I will play with some things like the firewall I won't touch!!
08-06-2010 03:19 AM
You can always try it and see what happens and turn it off if you don't like it... I don't see any harm in learning about the different aspects of NIS2010
Yes, that's right until your learning and hanky-panky ends in a fatal error as damaged recovery partition definitely is ;-) Anyway I may give it a try.
08-06-2010 03:58 AM
It's me again
I re-read the help file and there is stated that while the aggressive mode is enabled it scans ALL files on computer for heuristics. Does it mean that all scans (quick and full) will last fundamentally longer? If the aggressive mode triggers verification of ALL files what files are checked for the default setting only? Quite unsure about that.
08-06-2010 09:23 AM - edited 08-06-2010 09:24 AM
Hello delphinium et al
I toggled to Aggressive with 2009 and continued with 2010. I do not consider myself an advanced user...just wanted to see what it would do. My experience to date is similiar to mo . My habits are very simple by comparison to perhaps other users...so, that may be why Aggressive has not posed an issue.