Learn about Advanced Machine Learning (AML) in Symantec Endpoint Protection (SEP) 14.x

What is Advanced Machine Learning?

This endpoint-based machine learning engine can detect malware based on static attributes. AML enables SEP to detect malware in the pre-execution phase thereby stopping large classes of malware, both known and unknown.

The AML engine is intended to work with the Symantec real-time cloud-based threat intelligence to provide best-in-class protection with low false positives. Cloud connectivity further reduces false positives.

How is AML made available?

The AML engine is a component of the SEP client. Updates are acquired through definition updates. Updates are not needed as frequently as traditional signature-based technology.

How to ensure cloud lookup availability

1. In Endpoint Protection Manager (SEPM), click Clients.
2. Select the desired group.
3. Click the Policies tab.
4. Under Settings, click External Communications.
5. Under Client Queries, ensure Allow Insight lookups for threat detection is checked.

How to set the Bloodhound level

1. In the SEPM, click Policies.
2. Select Virus and Spyware Protection. 
3. Right-click the desired Virus and Spyware Protection policy from the list of policies, then click Edit.
4. Under Advanced Options, select Global Scan Options.
5. Under Bloodhound Detection Settings you can check the box to enable, or uncheck the box to disable this setting. Bloodhound can be set to Automatic or Aggressive.

Note: In SEP 14.x, Aggressive mode may require additional management of false positives for administrators.