Using heuristic scanning

Applies To: Forefront Client Security

Client Security includes a heuristic scanning feature, which enables it to detect possible malware that may not yet be identified by malware definitions. Heuristics assess files for common behaviors and attributes associated with malware, instead of identifying the file using malware definitions. For more information about types of scanning, see About scans.

By default, a new Client Security policy enforces heuristic scanning.

To enable heuristic scanning

1. In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.

2. In the New Policy or Edit Policy dialog box, click the Advanced tab.

3. Under Malware scan options, select the Use heuristics to detect suspicious files check box.

4. After you finish creating or editing the policy, click OK.

5. To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.

To disable heuristic scanning

1. In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.

2. In the New Policy or Edit Policy dialog box, click the Advanced tab.

3. Under Malware scan options, clear the Use heuristics to detect suspicious files check box.

4. After you finish creating or editing the policy, click OK.

5. To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.