
SAPE Detections

Static Attribute Protection Engine (SAPE) is a file similarity clustering system that uses machine learning to automatically discover, verify, and create classifiers to detect large numbers of suspicious files. The classifiers generated by SAPE technology identify malicious files by looking in each new file for combinations of indicators that are consistent with those found in clusters created from over a billion previously discovered threats and legitimate files. Thus, a threat with no known signature may still be detected if it shares similarity in size, structure, or machine language instructions with existing threat clusters. SAPE uses machine learning to build these clusters automatically, using hundreds of attributes, to detect malicious files that attackers have made polymorphic, with a very low false positive rate.

Category: Virus
A file detected with the SAPE technology that has the category of Virus is a Trojan and is deemed by Symantec to pose a security threat. Symantec will detect and block these files from accessing the computer. These files are considered malicious and may have the potential to cause harm to a system in the form of destruction, disclosure, data modification, and/or Denial of Service (DoS).

Category: Adware
A file detected with the SAPE technology that has the category of Adware is considered a security risk. These include programs that facilitate delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits.

Category: Security Risk or Misleading Application
A file detected with the SAPE technology that has the category of Security Risk or Misleading Application is a PUA (Potentially Unwanted Application). SAPE PUA detects programs that users may wish to be made aware of. These programs include applications that have an impact on security, privacy, or resource consumption, or that are associated with other security risks. These programs can show a pattern of installation without user permission or notice on a system, or be deemed to be separate and different from the application installed.

If you have reason to believe that your files are incorrectly detected by Symantec products, you can submit them to Symantec Security Response for further analysis.
