Behavioral Scan

Behavioral scan protects from threats that elude even the heuristic engine and provides on-execute protection capabilities that automatically discover and block attacks at the pre-execution and execution stages.

Behavioral Scan is divided into the following sections- 

  • Action - You can choose any of the following actions of detection:-
    • Block the application only
    • Disinfect: block and disinfect the application
    • Audit Only: File/Application will not be blocked
  • Score Threshold - You can choose any of the following actions if the threshold score exceeds:-
    • High (aggressive mode – prone to more false positives)
    • Medium
    • Low (less aggressive mode – less false positives)
  • Fileless Attack Protection- Select the Antimalware Scan Interface Security Provider checkbox to automatically allow Qualys to discover and block fileless attacks at the pre-execution stage. 
  • Ransomware Mitigation - You can enable Qualys Antimalware to detect and prevent ransomware attacks and quickly restore encrypted files. 
    You can choose ransomware mitigation for local processes and network share paths accessed remotely, thereby protecting your endpoints and any shared network resources from ransomware attacks. 
    Also See: Ransomware Mitigation: Recovering Encrypted Files.

You can specify a folder, process name, or remote IP to be skipped during Behavioral Scans. When a folder, remote IP, or process is excluded from the scan, the EDR antiransomware will not monitor or analyze that specific item for any suspicious activity.

After you provide information in the Behavioral Scan, click Next to proceed to the fifth step - Network Protection.