Quick Heal Next Gen - Comprehensive Virus Defence << >>

Heuristic Scanning


Heuristic Analysis is the technique of scanning a file for suspicious code and algorithms. However, it is very difficult to determine what code is suspicious. The code that might be innocent in one program (for example, FORMAT.COM) might be suspicious in a virus-infected file. For this reason it is necessary for heuristic analyzers to calculate how suspicious a file appears. Typically, a scoring system is implemented, and any file which has enough suspicious elements (enough high score) is flagged as being a possible virus. Suspicious elements could include undocumented DOS functions, anti-Debug techniques to avoid disassembly, existence of an executable file search mask (*.COM, *.EXE) etc.)

Heuristic Engine can only point a needle of suspicion towards a file for a possible viral infection and is not a conclusive proof.

Heuristic engine also does not have any detail on either the file or the virus. Hence, it is not possible for it to recover files from such cases.

Advice:
If you are sure that a virus has not infected the file and you are still getting a heuristic warning, just ignore the message. Also add the file to the exclusion list to avoid further warning on that file.