cybersecurity Glossary

What is Heuristic Virus?

Antivirus software detects malware based on its signature (“fingerprint” equivalent to the identified threat). For those cases where the malware is very recent, or so focussed on certain organisations, it is very likely that there is not yet a trace identifiable by an antivirus. This is where heuristic detections help to detect malware that is not recognised by its signature.

Basically, the main advantage of heuristic detection is that, instead of the malware signature, the antivirus will analyse a series of clues based on static and runtime analysis. This will ensure that the antivirus is not dependent on whether it has a signature registered in its knowledge base, allowing it to recognise new threats not seen before by the antivirus.

A disadvantage of Heuristic detections is that legitimate / non-malicious software can be detected if its behaviour is likely to meet the thresholds of the heuristics of each antivirus. For these cases the solution is to create exclusions for these applications in the antivirus that allow their execution without any blocking.