HyperDetect
HyperDetect adds an extra layer of security over the existing scanning technologies (On-Access, On-Demand and Traffic Scan), to fight against the new generation of cyber-attacks, including advanced persistent threats. HyperDetect enhances the Antimalware and Content Control protection modules with its powerful heuristics based on artificial intelligence and machine learning.
Note
This module is available for:
Windows for workstations
Windows for servers
Linux
With its ability to predict targeted attacks and detect most sophisticated malware in the pre-execution stage, HyperDetect exposes threats much faster than the signature-based or behavioral scanning technologies.
To configure HyperDetect:
Use the HyperDetect check box to turn the module on or off.
Select which type of threats you want to protect your network from. By default, protection is enabled for all types of threats: targeted attacks, suspicious files and network traffic, exploits, ransomware, or grayware.
Note
The heuristics for network traffic require Content Control > Traffic Scan to be enabled.
Customize the protection level against threats of the selected types.
Use the master switch at the top of the threats list to choose a unique level of protection for all types of threats, or select individual levels to fine tune protection.
Setting the module at a certain level will result in actions being taken up to that level. For example, if set to Normal, the module detects and contains threats that trigger the Permissive and Normal thresholds, but not the Aggressive one.
Protection increases from Permissive to Aggressive.
Keep in mind that an aggressive detection may conduct to false positives, while a permissive one can expose your network to some threats. It is recommended to first set protection level to the maximum and then lower it in case of many false positives, until you achieve the optimal balance.
Note
Whenever you enable protection for a type of threats, detection is automatically set to the default value (Normal level).
Under the Actions section, configure how HyperDetect should react to detections. Use the drop-down menu options to set the action to be taken on threats:
For files: deny access, remediate, quarantine, or just report the object.
For network traffic: block or just report the suspicious traffic.
Select the check box Extend reporting on higher levels next to the drop-down menu, if you want to view the threats detected at higher protection levels than the one set.
If you are uncertain of the current configuration, you can easily restore the initial settings by clicking the Reset to default button at the lower side of the page.