Advanced Heuristics disabled by default?

I notice that in the Startup file check setup, Advanced Heuristics is enabled by default, but in Realtime System Protection, AH is disabled by default.

I'm sure there is a good reason behind this, but I can't think why it's advantageous to disable this by default (unless there is a huge performance hit from enabling it?). Similarly, detection of runtime packers seems to be disabled in realtime system protection.

edit: this is in EAV RC1, but I assume the same also applies to ESS

 

Are you positive that the use of Advanced heuristics on file create/modify is disabled by default? It's been enabled by default as of version 2.5 if my memory serves well. Couldn't it be that you looked into the ThreatSense section in error? If you like to have it enabled on access as well, you can do it manually, but you must take into account that there will be much longer delays when accessing certain runtime packed files.

 

sorry, you are quite right, it is in the Threatsense section. I was misunderstanding the interface.

From what you're saying then, I guess it's best to leave these Threatsense settings at defaults. Thanks for the quick response

 

If there's a piece of malware trying to get to your computer which is detected by advanced heuristics (AH), it would be blocked with default settings. Also you have an option to perform scans with AH enabled on a regular basis (e.g. using Scheduler). If you happened to get infected with malware by chance (e.g. due to not having the signature database updated or having the file protection disabled for some reason, or if detection of the threat was added after you got infected) and it was started automatically on system startup, a startup file system check would detect and neutralize it. All with default settings.