Netskope Help

Advanced Heuristic Analysis

Attackers are increasingly using layers of obfuscation and packing to evade conventional detection and analysis tools. Netskope recursively unpacks files and extracts internal objects to make them fully available for analysis.

Advanced statical analysis of binary files is used to perform a deep analysis of binary file components without executing them. This pre-execution analysis identifies 3000+ threat indicators across a wide range of binary file types, including Windows, Mac OS, Linux, iOS, Android, and supports over 3500 file format families. An advanced threat protection license is required to use advanced heuristic analysis.

To view the advanced heuristics analysis, go to Incidents > Malware. Click on an item on the Malware page, which opens a page with details about the malware. In the File Name column, click on the file name, which opens the Summary page. The Netskope Advanced Heuristics Analysis section of this page shows:

  • File Details: Shows certificate, signer, issuer, algorithm, and container file information. Click See Malicious Files to see which of the sub components and files are malicious.

  • Network References: Shows domain information.

  • Indicators: Shows activity of malicious behavior.

  • Key Capabilities: Shows what the malware is capable of doing.