This discussion has been locked.

File Reputation "Insight"?

Hi there,

Does "Live Protection" work like a very fast way to distribute signatures, or like a reputation database?

Does SOPHOS have any comparable "reputation system" like Insight?

Is there anything like it on a near-term roadmap?

Thanks

  • Hello ricdgr,

    putting the intricacies of reputation as well as implementation details aside for the moment - the basic principle is the same: When the scanner encounters certain suspicious files, their fingerprints are looked up. The Live Protection database likewise not only contains the "latest analyzed and known threats" but the fingerprints of "known good" (which you may call reputable) files as well (thus reducing false positives). The possible answers good, bad or undecided result in the client action allow, block/cleanup or depends (on the type of detection and the client's settings).

    For Live Protection the database might ask the client to upload a sample of the dubious file (if the customer has enabled this feature).

    There is no feature like the configurable Download Advisor - I might misjudge it from the little information I have but as far as I can see it depends on at least some customers being more willing to take a risk than others :smileyhappy:.  

    Christian
