Content & Malware Analysis

 View Only
Expand all | Collapse all

Customising the Configured thresholds for predictive analysis

  • 1.  Customising the Configured thresholds for predictive analysis

    Posted Aug 21, 2019 03:07 PM

    Hi;

    The current thresholds for Cylence are 4 and 7. With 7 and above is the threshold for a block and 4 and below is the threshold for a good benign file. My understanding is that anything in between 4 and 7 will be sent to the AV engine to be scanned. Would it make more sense to avoid any false positives and negatives to change these limits to 3 and 8. Are the default limits the recommended ones and if so, is there a reference I can use for that.

     

     

    Kindly

    Wasfi



  • 2.  RE: Customising the Configured thresholds for predictive analysis
    Best Answer

    Posted Aug 21, 2019 05:09 PM
    Dear Wasfi, This default is recommended one mostly we keep same setting instead of changing value. Also Symantec recommends a value of 3. https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/21/Content/Topics/Tasks/services_static_analysis.htm