Advanced Heuristics disabled by default?

Discussion in 'ESET Smart Security v3 Beta Forum' started by dannyboy, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    I notice that in the Startup file check setup, Advanced Heuristics is enabled by default, but in Realtime System Protection, AH is disabled by default.

    I'm sure there is a good reason behind this, but I can't think why it's advantageous to disable this by default (unless there is a huge performance hit from enabling it?). Similarly, detection of runtime packers seems to be disabled in realtime system protection.

    edit: this is in EAV RC1, but I assume the same also applies to ESS
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Are you positive that the use of Advanced heuristics on file create/modify is disabled by default? It's been enabled by default as of version 2.5 if my memory serves well. Couldn't it be that you looked into the ThreatSense section in error? If you like to have it enabled on access as well, you can do it manually, but you must take into account that there will be much longer delays when accessing certain runtime packed files.
     
  3. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    sorry, you are quite right, it is in the Threatsense section. I was misunderstanding the interface.

    From what you're saying then, I guess it's best to leave these Threatsense settings at defaults. Thanks for the quick response :)
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If there's a piece of malware trying to get to your computer which is detected by advanced heuristics (AH), it would be blocked with default settings. Also you have an option to perform scans with AH enabled on a regular basis (e.g. using Scheduler). If you happened to get infected with malware by chance (e.g. due to not having the signature database updated or having the file protection disabled for some reason, or if detection of the threat was added after you got infected) and it was started automatically on system startup, a startup file system check would detect and neutralize it. All with default settings.
     
Thread Status:
Not open for further replies.