Web Access Protection's heuristics

Is there a top secret command line switch to enable these slightly more sensitive heuristics in a scan?

 

Hello jmc777,

If you open up the Advanced Setup window by pressing F5 and then navigate to the Web access protection section, you can find what you are looking for. Click on the Setup button next to ThreatSense engine parameter setup and then choose Options. This is where you would turn on and off Heuristics.

 

Thanks for the reply WayneP; I think I may have got my wires crossed. Maybe I've misunderstood what Marcos said in the past when he said that the Web Access Protection module uses more sensitive heuristics than the other modules. I forgot that the default for Advanced Heuristics in the real-time scanner is 'off', and I'm guessing that's what he was referring to (if he reads this post maybe he can clarify things for me). I had it in my head that there may have been an undocumented setting for a more paranoid/sensitive version of Advanced Heuristics hidden away in EAV/ESS that wasn't available to the real-time scanner, or in manual scans.

(Edit: I don't know if that explains my thoughts, or if it confuses things further. )

 

Ok, I've been thinking about this some more and would like to ask this question: When I perform an 'in-depth' scan with default settings, are the heuristics used during the scan as sensitive as the web access protection module's heuristics?

 

Of course not, otherwise the on-demand scanner might detect a lot of false positives on the disk. Web protection is sensitive to suspicious packers which wouldn't do good if the same sensitivity was used by the on-demand scanner.

 

Right, now we're getting somewhere! Back to the original question: is there any way to call in this extra packer sensitivity with a command line switch when performing a scan with ecls.exe?

 

No, there's no way to enable it as it would be too dangerous.