  #1812  
February 7th, 2009, 01:28 PM
PrevxHelp
Prevx Moderator
 
Join Date: Sep 2008
Location: USA/UK
Posts: 4,507
Re: Introducing, The New Prevx Edge.

Edge analyzes behaviors but doesn't report them to the user like conventional behavior blockers do. All of the heuristics are hosted online, so you will need an internet connection to detect new threats. We don't make any determinations locally (except in the cases of rootkits) because there is so much value in knowing all of the information about a program online.

Take this example: there is a program which mass mails based on a list of email addresses, but it runs silently with no window and adds itself to a registry run key to load on bootup. I'd imagine that would trigger 100% of heuristic-based products, but our databases know that this program is legitimate because it's been used by 5 million people and has never actually performed a malicious action.

Local heuristics only work so well (they always need to be updated still, so most heuristic implementations are just generic definitions - which we have many of as well), and behavior blocking doesn't work well for the average user who doesn't understand what a "registry run key" is.

Our approach lets us automate the answering of behavioral queries through our centralized analysis - it requires an internet connection, but how often are you actually being threatened by an infection without an internet connection? For me, I'm literally never offline (on a broadband connection) and that is the state which is ever-increasing in popularity.