Cb Defense: What does HEURISTIC mean as an app reputation in the Investigate page?

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions
  • Apple Mac OS: All Supported Versions

Question

What does HEURISTIC mean as an app reputation in the Cb Defense Investigate page?

Answer

  • HEURISTIC reputation is applied when a file is suspected to be malicious based on a set of attributes
  • It generally indicates a level of confidence above SUSPECT_MALWARE, but still below KNOWN_MALWARE reputation
  • When it comes to enforcing policy rules, HEURISTIC is treated the same as SUSPECT_MALWARE

Additional Notes

  • Because Cb Defense employs a variety of analysis techniques, the reputation of a file can change over time as different techniques take effect (e.g. it can be upgraded to KNOWN_MALWARE)
  • Other values that can be returned for suspicious files are PUA (Potentially Unwanted Application, also known as PUP) and ADWARE. PUA/PUP indicates the lowest level of confidence; ADWARE is a step above that, followed by SUSPECT_MALWARE and HEURISTIC
  • In policy rules, PUP and ADWARE are separate from SUSPECT_MALWARE (which includes HEURISTIC, per this article) and KNOWN_MALWARE (full confidence)
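
Added example (not from the original article or from the vendor): a short Python triage over constructed event records that applies the confidence ordering and policy-rule grouping described above, and flags hashes whose reputation rose over time. The record field names (sha256, time, reputation) and the HASH_* values are assumptions for illustration, not the product's export schema.

```python
from collections import defaultdict

# Confidence order as described in this article, lowest to highest.
CONFIDENCE = ["PUP", "ADWARE", "SUSPECT_MALWARE", "HEURISTIC", "KNOWN_MALWARE"]
RANK = {name: i for i, name in enumerate(CONFIDENCE)}
RANK["PUA"] = RANK["PUP"]  # PUA and PUP name the same reputation

# Malware policy rule that enforces each reputation, per this article.
# PUP/PUA and ADWARE are absent: they are separate from the malware rules.
MALWARE_RULE = {
    "SUSPECT_MALWARE": "SUSPECT_MALWARE",
    "HEURISTIC": "SUSPECT_MALWARE",  # treated the same as SUSPECT_MALWARE
    "KNOWN_MALWARE": "KNOWN_MALWARE",
}

# Constructed sample records (hypothetical field names and placeholder hashes).
EVENTS = [
    {"sha256": "HASH_A", "time": "2018-07-19T10:00:00Z", "reputation": "HEURISTIC"},
    {"sha256": "HASH_B", "time": "2018-07-19T10:05:00Z", "reputation": "PUP"},
    {"sha256": "HASH_C", "time": "2018-07-19T10:06:00Z", "reputation": "SUSPECT_MALWARE"},
    {"sha256": "HASH_C", "time": "2018-07-19T12:00:00Z", "reputation": "KNOWN_MALWARE"},
    {"sha256": "HASH_D", "time": "2018-07-19T12:30:00Z", "reputation": "ADWARE"},
]

def triage(events):
    """One row per hash: latest reputation, the malware policy rule that
    applies to it (None for PUP/ADWARE), and whether confidence rose."""
    by_hash = defaultdict(list)
    for ev in events:
        rep = ev["reputation"].upper()
        if rep in RANK:  # reputations not covered by this article are skipped
            by_hash[ev["sha256"]].append((ev["time"], rep))
    rows = []
    for sha, seen in by_hash.items():
        seen.sort()  # ISO 8601 UTC timestamps sort chronologically as strings
        first, latest = seen[0][1], seen[-1][1]
        rows.append({
            "sha256": sha,
            "reputation": latest,
            "malware_rule": MALWARE_RULE.get(latest),
            "upgraded": RANK[latest] > RANK[first],
        })
    rows.sort(key=lambda r: RANK[r["reputation"]], reverse=True)  # highest first
    return rows

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```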

Related Content

Cb Defense: Reputation Priority

Cb Defense: How are Reputations Assigned?

Cb Defense: How Are Reputations Assigned for Pre-Existing Files?

Cb Defense: How Are Reputations Assigned for New Files?

Cb Defense: How Are Reputations Assigned for Network Files?

Cb Defense: How to Confirm the Applied Hash Reputation in Events

Cb Defense: Difference Between "Not_listed" and "Unknown" Reputation

Cb Defense: Difference in whitelisting by hash versus Certs or IT Tools

Creation Date: 07-19-2018