A heuristic scan is used to detect new, unknown viruses in your system that have not yet been identified. Only some antiviruses can do this type of scan, the majority are only able to detect known viruses.
How does a heuristic scan work?
Virus detection is based on recognition of a signature or string of code which identifies a certain virus. Similar to how investigators use characteristics to identify criminals; antiviruses look for ‘digital footprints’ in order to recognize a virus.
Nevertheless, to detect an unknown virus, a particular signature or recognized code does not yet exist. For this reason a heuristic scan is used.
Heuristic methods are based on the piece-by-piece examination of a virus, looking for a sequence or sequences of instructions that differentiate the virus from ‘normal’ programs.
Advantages and disadvantages of heuristic scans.
The principle advantage of this method is the ability to detect known and unknown viruses, based on common characteristics shared by different viruses.
Yet heuristic scans have their share of inconveniences, such as the length of time the scan takes, which is longer than other types. Also, depending on data an increased number of false positives can occur.
What do you do with a virus detected by a heuristic scan?
Information provided by a heuristic scan should be treated with caution. The data generated uses complex and sophisticated methods, which are difficult to interpret. If you receive a notice that a suspicious file has been identified, we recommend that you send it to the Panda Virus Laboratory for further study and analysis.
This is due to the fact that the information generated by this type of scan is usually highly technical and difficult for non-expert users to interpret.