06-03-2009 10:16 AM
Back with one of my questions again!!
I was wondering about a few things, in this case, Bloodhound and Heuristics.
firstly, is there a difference? because, Norton uses bloodhound DEFINITIONS - these are generic. yet we can set the HEURISTIC detection of Norton scans in settings. so, are we infact setting the sensitivity of the definitions themselves? Or is there an entirely separate part of Norton that has Heuristics separate to those found in these definitions?
then I would like to ask... how is it that the setting effects the Heuristics? In terms of programming, does it "comment out" certain code? use less algorithms? give files "second chances"? or what?
Maybe a bit mind boggling!! and I bet some of the above answers would be giving away some Symantec secrets!! Ah well :-)
06-03-2009 12:08 PM
Bloodhound definitions will be used by the definition type scanning engines and could be used in conjunction with Community Watch to detect new files for submission to Symantec for analysis.
The Heuristic engine is mainly SONAR and it is just inspecting a file's process behavior characteristics. The Heuristic level is setting how many characteristics or how sever a level will trigger the SONAR detection. I would believe that the code is intact (no changes or blocking of parts there) for the different levels; just what threshold triggers a detection is changed.
06-03-2009 12:18 PM