Endpoint Protection

 View Only

  • 1.  bloodhound level 5 or higher

    Posted Dec 08, 2009 08:28 AM
    i am trying to put information togetehr for my client to turn this on for there environmet. Where do you turn this on, and where is some info that I can grab for the cliemt to review


  • 2.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 08:43 AM
    its under advanced scanning

    Bloodhound™ Detection Settings

    Enables or disables Bloodhound virus detection

    Bloodhound isolates and locates the logical regions of a file to detect a high percentage of unknown viruses. Bloodhound then analyzes the program logic for virus-like behavior.

    By default, the level of protection is set to Default

    To configure advanced scanning and monitoring options

    1. On the Antivirus and Antispyware Policy page, click File System Auto-Protect.

    2. On the Scan Details tab, under Scanning, click Advanced Scanning and Monitoring.

    3. Under Scan Files When, specify what activities trigger scans.

    4. Under Bloodhound(TM) Detection Settings, check or uncheck Enable Bloodhound(TM) virus detection.

      You can also change the level of protection.

    5. Click OK.

    6. If you are finished with the configuration for this policy, click OK.



  • 3.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 08:44 AM

    On the client:

     

    Open SEP UI

    Click Change settings

    Click Configure settings for Antivirus and AntiSpyware protection

    Click File System AutoProtect

    Click Advanced

    Click Heuristics under "advanced scanning options

    Enable or Disable "Bloodhound Heuristic virus detection

    Select desired level or protection


  • 4.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 08:48 AM
    blod.JPG


  • 5.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 09:05 AM
    thank you so much guys what is level 5. I am asked to get level 5 blood houd and the explination of what this will do for them, does this make sense?

    i see minimum default maximum where can i read up so I can create a report for this to explain to client the bbenefits etc


  • 6.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 09:07 AM
    Please go through this

    http://aka-community.symantec.com/connect/forums/bloodhound-question

    Bloodhound isolates and locates the logical regions of a file to detect a high percentage of unknown viruses. Bloodhound then analyzes the program logic for virus-like behavior.

    By default, the level of protection is set to Default.

    the default logical level is 5



  • 7.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 09:13 AM
    more on this.

    Antivirus and antispyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. Heuristic process scans analyze the behavior of an application or a process. The scan determines if the process exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as protection from zero-day attacks.

    Auto-Protect also uses a type of heuristic called Bloodhound to detect suspicious behavior in files. Proactive threat scans detect suspicious behavior in active processes
     



  • 8.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 09:14 AM
     For Proactive Threat Protection which also a Heuristic scan.
    The fedault sensitivity is 20 out of 100.
    So you might have been asked to increase the sensitivity to 50 out of 100 i.e. 5/10

    https://www-secure.symantec.com/connect/forums/truscan-sensitivity-setting


  • 9.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 09:16 AM
    is there a place that I can read all about blood hound, and teh different levels and what they will offer?


  • 10.  RE: bloodhound level 5 or higher

    Posted Dec 08, 2009 09:19 AM
    you can find it here
    http://www.symantec.com/security_response/writeup.jsp?docid=2000-121911-5753-99

    Understanding

    Heuristics:

    Symantec’s Bloodhound

    Technology

    http://www.symantec.com/avcenter/reference/heuristc.pdf


  • 11.  RE: bloodhound level 5 or higher
    Best Answer

    Posted Dec 08, 2009 09:21 AM

    What is the difference between the Bloodhound and Proactive Threat Protection (TruScan) technologies?

     http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6ad1c97deb7bbfd9882575610067e166?OpenDocument

    How to enable, disable, or configure Bloodhound (TM) heuristic virus detection in Endpoint Protection

    http://service1.symantec.com/
    support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1c78734306210057882575600079ebb2?OpenDocument

    from Help File

    Heuristic Scanning Options

    Bloodhound technology dramatically increases the protection against new and unknown viruses.

    Bloodhound isolates and locates the various logical regions of a file, and then analyzes the program logic for virus-like behavior. Bloodhound detects a very high percentage of unknown viruses. In addition, the client detects unknown viruses by monitoring activity on your computer for the behaviors that viruses typically perform. When a suspicious activity is detected, the client prevents the action from continuing.

    Table: Heuristic scanning options

    Option

    Description

    Enable Bloodhound heuristic virus detection

    Enables or disables Bloodhound

    Select desired sensitivity level

    Sets the Bloodhound detection sensitivity level.

    If you select Maximum level of protection, the client may incorrectly report a virus. Symantec suggests that you use this option only if you highly suspect that you have a virus. In all other cases, you should choose Default level of protection.

    The client might detect a virus only when you select Maximum level of protection. In that case, you should submit a quarantined virus sample to Symantec Security Response.