Cb Defense: What does HEURISTIC mean as an app reputation in the Investigate page?
Cb Defense Web Console: All Versions
Cb Defense Sensor: All Versions
Microsoft Windows: All Supported Versions
Apple Mac OS: All Supported Versions
What does HEURISTIC mean as an app reputation in the Cb Defense Investigate page?
HEURISTIC reputation is applied when a file is suspected to be malicious based on a set of attributes.
It generally indicates a level of confidence above SUSPECT_MALWARE, but still below the KNOWN_MALWARE reputation.
When it comes to enforcing policy rules, HEURISTIC is treated the same as SUSPECT_MALWARE.
As Cb Defense employs a variety of analysis techniques, the reputation of a file can change over time as different techniques take effect (e.g. be upgraded to KNOWN_MALWARE).
Other values that can be returned for suspicious files are PUA (Potentially Unwanted Application, also known as PUP) and ADWARE. PUA/PUP indicates the lowest level of confidence; ADWARE is a step above that, followed by SUSPECT_MALWARE and HEURISTIC.
In policy rules, PUP and ADWARE are separate from SUSPECT_MALWARE (which includes HEURISTIC, per this article) and KNOWN_MALWARE (full confidence).