cancel
Showing results for 
Search instead for 
Did you mean: 
KimNNH
Level 7
Report Inappropriate Content
Message 1 of 4

Default setting for heuristics on Domain Controllers

I have installed VSE8.8 on 4 servers - all windows server 2003. The 2 Domain Controllers show that heuristics are disabled for a Full Scan. The other 2 show 'low' Is this a default setting? Any recommendations as to whether I can change it or why I shouldn't? 

I cannot find any information in the documnetation on this.

Thank you

3 Replies

Re: Default setting for heuristics on Domain Controllers

You can change it. Basically, if it is "disabled" heuristics are turned off. If it is a "very low", or "low", or any other setting than disabled, it will reach out to what I will call mcafees heuristic engines for analysis.

It is up to you whether or not. If it were me and my domain controller, I would be cautious turning on heuristics, because it is behavioral based, and could generate a number of false positives, thus causing outages.

KimNNH
Level 7
Report Inappropriate Content
Message 3 of 4

Re: Default setting for heuristics on Domain Controllers

I understand the settings and how to change them. At this point I'll leave it as is.

I'm just surprised that the 2 Domain Controllers show that heuristics are disabled for a Full Scan. This apparently is a default setting on install b/c no other machines installed with heuristics disabled.

As I said, it does not appear in any documentation.

Re: Default setting for heuristics on Domain Controllers

You should set the GTI settings (heuristcal network check) to medium for every machine for both OAS and ODS. The only time you go higher is when you have a machine you highly suspect is infected.

If GTI is going to false on file reputations it is likely to do it over a program that has some one of the zillions of packers out there. Normally I see this as the installers for printer drivers (not the actual drivers) or some very small free programs. The file reputations for pretty much everything on the Windows installer images are well-known and already whitelisted within the GTI Skynet AI thingy (secret internal technical name).

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community