Detection engine (13.0)

Detection engine guards against malicious system attacks by controlling file, email and internet communication. For example, if an object classified as malware is detected, remediation will start. The detection engine can eliminate it by first blocking it and then cleaning, deleting or moving it to quarantine.

To configure the detection engine settings in detail, click Advanced Setup or press F5.

note

Changes to detection engine scanner configuration

Starting from version 13.1, the Detection engine section looks different.

Scanner options for all protection modules (for example Real-time file system protection, Web access protection, ...) allows you to enable or disable detection of the following:

Potentially unwanted applications Grayware or Potentially Unwanted Application (PUA) is a broad category of software, whose intent is not as unequivocally malicious as with other types of malware, such as viruses or trojan horses. It may however install additional unwanted software, change the behavior of the digital device, or perform activities not approved or expected by the user.
Read more about these types of applications in the glossary.

Potentially unsafe applications refers to legitimate commercial software that has the potential to be misused for malicious purposes. Examples of potentially unsafe applications include remote access tools, password-cracking applications, and keyloggers (programs recording each keystroke typed by a user). This option is disabled by default.
Read more about these types of applications in the glossary.

Suspicious applications include programs compressed with packers or protectors. These types of protectors are often exploited by malware authors to evade detection.

Anti-Stealth technology is a sophisticated system that provides the detection of dangerous programs such as rootkits, which are able to hide themselves from the operating system. This means it is not possible to detect them using ordinary testing techniques.

Exclusions enable you to exclude objects from scanning. See Exclusions for more information.

Enable advanced scanning via AMSIMicrosoft Antimalware Scan Interface tool that allows application developers new malware defenses (Windows 10 only).

CONFIG_ANTIVIRUS