Detect suspicious behavior
If you use role-based administration:
- You must have the Policy setting - anti-virus and HIPS right to perform this task.
- You cannot edit a policy if it is applied outside your active sub-estate.
For more information, see Managing roles and sub-estates.
Suspicious behavior detection watches all system processes for signs of active malware, such as suspicious writes to the registry or file copy actions. It can be set to warn the administrator, block the process, or both.
By default, suspicious behavior is detected and reported, but not blocked.
To change the settings for detecting and reporting suspicious behavior:
For the strongest protection, we advise you to enable suspicious file detection. See Configure on-access scanning.