Bloodhound and Heuristics

Hey everyone

 

Back with one of my questions again!!

 

I was wondering about a few things, in this case, Bloodhound and Heuristics.

 

Firstly, is there a difference? Because Norton uses Bloodhound DEFINITIONS - these are generic. Yet we can set the HEURISTIC detection of Norton scans in settings. So, are we in fact setting the sensitivity of the definitions themselves? Or is there an entirely separate part of Norton that has Heuristics separate to those found in these definitions?

 

Then I would like to ask... how is it that the setting affects the Heuristics? In terms of programming, does it "comment out" certain code? Use fewer algorithms? Give files "second chances"? Or what?

 

 

Maybe a bit mind-boggling!! And I bet some of the above answers would be giving away some Symantec secrets!! Ah well :-)

 

 

Matt

Hi mattsegers -

 

Interesting question!

 

Perhaps Yogesh, Vineeth or others can shed some light on this.

 

Hang tight.

 

:smileyhappy:

Bloodhound definitions will be used by the definition type scanning engines and could be used in conjunction with Community Watch to detect new files for submission to Symantec for analysis.

 

The Heuristic engine is mainly SONAR and it is just inspecting a file's process behavior characteristics. The Heuristic level is setting how many characteristics or how severe a level will trigger the SONAR detection. I would believe that the code is intact (no changes or blocking of parts there) for the different levels; just what threshold triggers a detection is changed.

Norton AntiVirus (NAV) has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound, a technology developed by Symantec Security Response. For more information about Bloodhound technology, please see the white paper Understanding Heuristics: Symantec’s Bloodhound Technology.
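
The threshold model suggested in the reply above (same checks at every level, only the trigger point moves), as an added sketch that is not part of the original thread and is not Symantec's SONAR or Bloodhound code. The characteristic names, weights, thresholds and sample processes are all constructed for illustration.

```python
# Toy behavioural scorer. All names and numbers are hypothetical.
from dataclasses import dataclass

# Every characteristic is evaluated at every sensitivity level; none is disabled.
WEIGHTS = {
    "writes_autorun_key": 30,
    "injects_into_other_process": 40,
    "no_visible_window": 10,
    "unsigned_binary": 15,
    "modifies_hosts_file": 25,
}

# The sensitivity setting only selects the score needed to trigger a detection.
THRESHOLDS = {"low": 80, "medium": 55, "high": 30}


@dataclass
class Verdict:
    score: int
    matched: list
    detected: bool


def evaluate(observed: set, level: str) -> Verdict:
    """Score the observed behaviours, then compare against the level's threshold."""
    if level not in THRESHOLDS:
        raise ValueError(f"unknown sensitivity level: {level!r}")
    matched = sorted(name for name in WEIGHTS if name in observed)
    score = sum(WEIGHTS[name] for name in matched)
    return Verdict(score, matched, score >= THRESHOLDS[level])


# Constructed samples: behaviours observed for two hypothetical processes.
SUSPICIOUS = {"writes_autorun_key", "unsigned_binary", "no_visible_window"}
ADMIN_TOOL = {"unsigned_binary", "modifies_hosts_file"}  # benign, but noisy

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("admin_tool", ADMIN_TOOL)):
        for level in ("low", "medium", "high"):
            v = evaluate(sample, level)
            print(f"{name:10} {level:6} score={v.score:3} detected={v.detected}")
```

The score and the matched characteristics are identical at every level; raising sensitivity catches the suspicious sample sooner but also flags the benign admin tool, which is the false-positive cost of a lower threshold.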