3 Replies Latest reply on Sep 30, 2011 4:45 PM by petersimmons

    Default setting for heuristics on Domain Controllers

      I have installed VSE8.8 on 4 servers - all Windows Server 2003. The 2 Domain Controllers show that heuristics are disabled for a Full Scan. The other 2 show 'low'. Is this a default setting? Any recommendations as to whether I can change it or why I shouldn't?

      I cannot find any information in the documentation on this.

       

      Thank you

        • 1. Re: Default setting for heuristics on Domain Controllers
          greatscott

          You can change it. Basically, if it is "disabled", heuristics are turned off. If it is "very low", or "low", or any other setting than disabled, it will reach out to what I will call McAfee's heuristic engines for analysis.

           

          It is up to you whether or not. If it were me and my domain controller, I would be cautious turning on heuristics, because it is behavioral based, and could generate a number of false positives, thus causing outages.

          • 2. Re: Default setting for heuristics on Domain Controllers

            I understand the settings and how to change them. At this point I'll leave it as is.

            I'm just surprised that the 2 Domain Controllers show that heuristics are disabled for a Full Scan. This apparently is a default setting on install b/c no other machines installed with heuristics disabled.

            As I said, it does not appear in any documentation.

            • 3. Re: Default setting for heuristics on Domain Controllers
              petersimmons

              You should set the GTI settings (heuristical network check) to medium for every machine for both OAS and ODS. The only time you go higher is when you have a machine you highly suspect is infected.

               

              If GTI is going to false on file reputations it is likely to do it over a program that has one of the zillions of packers out there. Normally I see this as the installers for printer drivers (not the actual drivers) or some very small free programs. The file reputations for pretty much everything on the Windows installer images are well-known and already whitelisted within the GTI Skynet AI thingy (secret internal technical name).