Netskope Help

Advanced Heuristic Analysis

Note

You must have the Advanced Threat Protection license to use Advanced Heuristic analysis.

Attackers are increasingly using layers of obfuscation and packing to evade conventional detection and analysis tools. Netskope recursively unpacks files and extracts internal objects to make them fully available for analysis. You can use advanced static analysis on binary files to deeply analyze binary file components without executing them.

The Netskope Advanced Heuristic engine:

  • Detects signature-less malware.

  • Conducts static analysis without file execution.

  • Scans binary files to identify indicators of malicious activity.

  • Analyzes files against 3,000+ threat indicators across a wide range of binary file types for Windows, Mac OS, Linux, iOS, and Android, and supports over 3,500 file format families.

  • Decomposes, unpacks, and de-obfuscates files to extract all objects for analysis.

  • Leverages its advanced engine to rapidly detect evasive, zero-day malware.
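To make the idea of recursive unpacking plus static indicator matching concrete, here is a small added illustration. It is not Netskope's engine or any Netskope code: it builds a constructed nested ZIP in memory (an archive inside an archive, holding a fake "MZ"-prefixed blob that contains a URL string), descends through the containers without executing anything, and runs a handful of hypothetical indicators over each extracted object. The indicator names, the domain regex, and the sample file names are all assumptions made for this example; the depth and size caps show the kind of guard a real unpacker needs against deeply nested or decompression-bomb archives.

```python
import io
import re
import zipfile

# Guards against archives nested without end or members that inflate to
# enormous sizes (decompression bombs). Values are arbitrary for this example.
MAX_DEPTH = 8
MAX_MEMBER_BYTES = 4 * 1024 * 1024

PE_MAGIC = b"MZ"
ELF_MAGIC = b"\x7fELF"

# Crude "network reference" extractor: a dotted hostname, optionally preceded
# by http:// or https://. Purely illustrative, not a production parser.
DOMAIN_RE = re.compile(rb"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

# Hypothetical static indicators as (name, predicate-on-bytes) pairs.
INDICATORS = [
    ("pe_header", lambda b: b.startswith(PE_MAGIC)),
    ("elf_header", lambda b: b.startswith(ELF_MAGIC)),
    ("network_reference", lambda b: DOMAIN_RE.search(b) is not None),
]


def build_sample():
    """Constructed input: outer.zip -> inner.zip -> payload.bin + readme.txt."""
    payload = b"MZ\x90\x00" + b"\x00" * 16 + b"http://example.test/update" + b"\x00" * 8
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.bin", payload)
        z.writestr("readme.txt", b"nothing to see")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


def is_zip(data):
    return zipfile.is_zipfile(io.BytesIO(data))


def unpack_recursive(data, path="root", depth=0):
    """Yield (path, bytes) for every leaf object, descending into ZIP containers.

    A container at the depth limit is treated as an opaque leaf so the walk
    always terminates; oversized members are skipped rather than inflated.
    """
    if depth > MAX_DEPTH or not is_zip(data):
        yield path, data
        return
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            child = z.read(info.filename)
            yield from unpack_recursive(child, f"{path}/{info.filename}", depth + 1)


def analyze(data):
    """Static pass over every extracted object: indicators hit and domains seen."""
    report = {}
    for path, blob in unpack_recursive(data):
        hits = [name for name, pred in INDICATORS if pred(blob)]
        domains = sorted(
            {m.group(1).decode("ascii", "replace").lower() for m in DOMAIN_RE.finditer(blob)}
        )
        report[path] = {"indicators": hits, "network_references": domains}
    return report


def flagged_objects(report):
    """Sub-components with at least one indicator, the 'See Malicious Files' view."""
    return sorted(p for p, r in report.items() if r["indicators"])


if __name__ == "__main__":
    rep = analyze(build_sample())
    for path, r in rep.items():
        print(path, r)
    print("flagged:", flagged_objects(rep))
```

Running it shows the nested object `root/inner.zip/payload.bin` hit with `pe_header` and `network_reference` (domain `example.test`) while `readme.txt` is clean; the outer and inner archives themselves never appear as leaves because the walker descends through them, which is the point of extracting internal objects before scanning.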

To view the advanced heuristics analysis, go to Incidents > Malware. Click on an item on the Malware page, which opens a page with details about the malware. In the File Name column, click on the file name, which opens the Summary page. The Netskope Advanced Heuristics Analysis section of this page shows:

  • File Details: Shows certificate, signer, issuer, algorithm, and container file information. Click See Malicious Files to see which of the sub components and files are malicious.

  • Network References: Shows domain information.

  • Indicators: Shows activity of malicious behavior.

  • Key Capabilities: Shows what the malware is capable of doing.