About Proactive Threat Protection: Proactive threat scanning provides an additional level of protection to a computer that complements existing AntiVirus, AntiSpyware, Intrusion Prevention, and Firewall protection technologies. AntiVirus and AntiSpyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. The Heuristic process scan analyzes the behavior of an application or a process. The scan determines if the process exhibits the characteristics of a threat, such as Trojan horses, worms, or key loggers. The processes typically exhibit a type of behavior that a threat can exploit, such as opening a port on a user's computer. This type of protection is sometimes referred to as protection from "Zero-day attacks":
"Zero-day attack vulnerabilities" are new vulnerabilities that are not yet publicly known. Threats exploiting these vulnerabilities can evade signature based detection such as AntiSpyware and AntiSpyware definitions.
"Zero-day" attacks may be used in targeted attacks and in the propagation of malicious code.
Proactive Threat Protection also includes Application and Device Control Policies. Application and Device control is implemented on client computers using policies. An Application and Device Control Policy offers two types of control or protection over client computers:
Administrators can use the following:
Application control to monitor Windows Application Provider Interface calls to a client computer and controls access to a client's computer files, registry keys, and processes
Device control to manage the peripheral devices that are attached to computers.
These two protections can be administered when a new policy is created. The option to add application control or device control first and then the other type of protection at a later time is also available.
Configure the following Proactive Threat Protection settings:
What types of threats to scan for
How often to run Proactive threat scans
Whether or not notifications should appear on the client computer when a Proactive threat detection occurs
For additional information, refer to the following documentation in the Symantec Endpoint Protection Administrators guide: