Kaspersky Anti-Virus 7.0
You can temporarily disable the pause on File Anti-Virus when using a specific
application. To do so, uncheck the name of the application. You do not have to
delete it from the list.
Figure 22. Creating an application list
7.2.4. Using Heuristic Analysis
Heuristic methods are used by several real-time protection components, such as
File Anti-Virus, Mail Anti-Virus and Web Anti-Virus, as well as by virus scan
tasks.
Scanning with the signature method, which relies on a previously created
database describing known threats and the methods for treating them, gives a
definite answer as to whether a scanned object is malicious and which class of
dangerous program it belongs to. The heuristic method, unlike the signature
method, aims to detect typical behavior of operations rather than malicious
code signatures, which allows the program to reach a conclusion about a file
with a certain likelihood. The advantage of the heuristic method is that it
does not require prepopulated databases to function. Because of this, new
threats are detected before virus analysts have encountered them.
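An added illustration of the contrast described above, not code from Kaspersky Anti-Virus or its documentation: a hash lookup stands in for the signature method and a weighted score over observed operations stands in for the heuristic method. The operation names, weights, threshold and sample bytes are constructed assumptions.

```python
import hashlib

# Constructed sample data: a signature database mapping SHA-256 -> threat class.
KNOWN_SAMPLE = b"constructed bytes standing in for a known threat"
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan (constructed entry)"}

# Hypothetical weights for suspicious operations; not taken from any product.
SUSPICIOUS_OPS = {
    "modify_other_executable": 0.5,
    "add_autorun_entry": 0.3,
    "disable_security_service": 0.4,
}
THRESHOLD = 0.6  # assumed cut-off above which an object is reported


def signature_scan(data):
    """Return the threat class if the object is in the database, else None."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


def heuristic_score(operations):
    """Combine the weights of distinct suspicious operations into a likelihood."""
    clean = 1.0
    for op in set(operations):
        clean *= 1.0 - SUSPICIOUS_OPS.get(op, 0.0)
    return round(1.0 - clean, 2)


def scan(data, operations):
    """Signature lookup first (definite answer), then heuristic (likelihood)."""
    threat_class = signature_scan(data)
    if threat_class is not None:
        return {"verdict": "malicious", "method": "signature",
                "class": threat_class, "likelihood": 1.0}
    score = heuristic_score(operations)
    verdict = "suspicious" if score >= THRESHOLD else "clean"
    return {"verdict": verdict, "method": "heuristic",
            "class": None, "likelihood": score}


if __name__ == "__main__":
    # Known object: the database names its class regardless of behavior.
    print(scan(KNOWN_SAMPLE, []))
    # Object absent from the database: only its operations can flag it.
    print(scan(b"never seen before",
               ["read_file", "modify_other_executable", "add_autorun_entry"]))
    print(scan(b"ordinary installer", ["read_file", "add_autorun_entry"]))
```

The signature path can name a threat class but only for objects already in the database, while the heuristic path reports a likelihood and no class.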
The heuristic analyzer emulates object execution in the Kaspersky Anti-Virus
secure virtual environment. If an object does not exhibit suspicious behavior,
its execution in the operating environment is allowed. If suspicious activity
is discovered as the object executes, the object is deemed malicious and either
is not allowed to run on the host, or a message is displayed requesting further
instructions from the user:
Quarantine the new threat to be scanned and processed later using updated
databases