Noob question about advanced heuristics

Probably it´s a noob question, but I have to ask:

Does nod32 v4 uses advanced heuristics on realtime scan on default settings?

I see that it uses for newly created and modified files, but not for executed files, am I right? If I download a file using firefox web browser, for example, will nod32 use AH to scan this file?

 

That's right.

If you download an archive, web protection will scan it internally with AH and runtime packers enabled by default. If you download executable files, they will be scanned by real-time protection as well by default.

 

Will this executable file that I downloaded be scanned with AH? I mean, a downloaded executable is a "newly created file"?

 

Yes, files that are downloaded are newly created.

 

Thanks, Marcos....

I have another question...

If a Pen Drive has a worm that autoexecutes when I plug it to the PC, will NOD32 use AH to detect this worm if it is a .inf file? Or only .exe files are scanned with AH in removable media?

I'm asking this because I see a lot of infected pen drives with a file called Autorun.inf that actually is a worm, I think it's called Conficker... and it autoexecutes when the pen drive is plugged. Will nod32 use AH to scan this autorun.inf file?

 

AH scans only exe/dll files. V4 has introduced new options for scanning removable media to provide better protection against Autorun worms. By default, files run from removable media are first scanned with maximum settings.

 

I have a lot of hits from those..

 

Those are my last questions, I promise...

If nod32 uses AH for newly created files or modified files and for removable media by default, is there any advantage using AH on every file execution? I cannot imagine any virus infection without creating or modifying a file on the system.

Also, what is the difference between enabling AH in these two options (images attached)?

 

I leave them disabled (default settings)

 

Ok, but what is the difference between those two configuration options?

 

According to Marcos previous post, AH is already set when it is really needed so.....

IMO, both means not really more protection but, surely, more use of CPU and memory, and probably slowdown of all pc performances.

 

The first screenshot shows the check box that enables AH on file access while the second one enables AH on file execution.