About "malware heuristic analysis"

Sometimes D+ or the firewall raises an alert about malware heuristic analysis,
like this: "Defense+ malware heuristic analysis has detected possible malware behavior in ..."
I just want to know more about the malware heuristic analysis of Comodo Firewall Pro V3.
There is no relevant information about malware heuristic analysis in the help.

That alert means an application or any other .dll, .exe, etc. is performing a suspicious/dangerous action (threat). Normally, if you haven't requested to run the application or know NOTHING about it, you deny it. Otherwise, if it REALLY is a trusted application, you allow it. D+ Malware Heuristic Analysis doesn't always mean it is 100% malware, but it means that the app is trying to act in a malicious way (much more powerful than signatures).


Is it a kind of engine? Sometimes, when first running malware or an application, Comodo will alert that it is possibly malicious software. How does Comodo know this? Does it have a feature library or something?

Yes. It does use an engine. The engine also has heuristics (like some AVs) to identify known and unknown malware. This is how D+ can recognize it (along with behavior analysis, etc.).


If we are going to ask the general heuristic question rather than just about the specific Comodo version: heuristics assumes, from the past behavior of similar malware, that if it looks like a duck and it quacks like a duck, then it's a duck. But the whole heuristic philosophy is that since it's not 100% sure it's a duck, there exists a non-zero possibility it might not be a duck.

But in the grand scheme of heuristics, the user and the programmer of the application can opt for two basic approaches. (1) Let the application make the call: if it thinks it's a duck, delete the duck and don't bother the user. Which is all well and fine, unless the duck deleted ends up being some file vital to the OS or some other legitimate application. And to add injury to insult, it may be a long time before the user discovers some program no longer works and is major league baffled.

(2) Or, IMHO, the better way: ask the user before deleting the file. And gasp, ask the user for input before deleting, silly rabbit, I expect Comodo to be 100% psychic; I am not, so they should be.
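The trade-off described in the thread, as an added illustration that is not part of any post and not Comodo's engine: a toy behavior-based heuristic scorer whose rules, weights, threshold and sample programs are all constructed for this example. A dropper and a legitimate driver installer trigger the same rules, so "auto delete" removes both, while "ask user" lets the user's knowledge of what they launched settle the case the heuristic cannot.

```python
from dataclasses import dataclass

# Constructed rule set: each observed behavior adds weight to a suspicion score.
# The behaviors, weights and threshold are illustrative, not a real product's rules.
RULES = {
    "writes_autostart_key": 3,
    "injects_into_other_process": 4,
    "installs_driver": 3,
    "modifies_hosts_file": 2,
    "creates_executable_in_temp": 1,
}
THRESHOLD = 5  # score at or above this "quacks like a duck"


@dataclass
class Sample:
    name: str
    behaviors: list
    user_requested: bool = False  # did the user knowingly launch this program?


def heuristic_score(sample):
    """Sum the rule weights for every behavior the sample exhibited."""
    return sum(RULES.get(b, 0) for b in sample.behaviors)


def looks_like_malware(sample):
    """The heuristic verdict: past behavior of similar malware says 'duck'."""
    return heuristic_score(sample) >= THRESHOLD


def decide(sample, policy):
    """policy 'auto_delete': the engine acts alone; 'ask_user': prompt first."""
    if not looks_like_malware(sample):
        return "allow"
    if policy == "auto_delete":
        return "delete"  # no second opinion, legitimate files included
    # ask_user: only the user knows whether they asked for this program to run.
    return "allow" if sample.user_requested else "deny"


# Constructed samples. Both perform the same kinds of suspicious actions, so the
# score alone cannot tell them apart; that is the non-zero "might not be a duck".
dropper = Sample("unknown.exe",
                 ["injects_into_other_process", "writes_autostart_key"])
installer = Sample("vendor_driver_setup.exe",
                   ["writes_autostart_key", "installs_driver",
                    "creates_executable_in_temp"], user_requested=True)
```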