How heuristic network check for suspicious files works

This feature provides customers using Windows-based McAfee anti-virus products with the most up-to-date real-time detections for certain malware. It uses administrator-configured sensitivity levels to look for suspicious programs and DLLs running on client systems that are protected by VirusScan Enterprise. When the real-time malware defense detects a suspicious program, it sends a DNS request containing a fingerprint of the suspicious file to a central database server hosted by McAfee Avert Labs. The real-time defense feature does not provide protection for entire classes of malware; just for suspicious samples. The benefit of protecting against specific threats is our capability to protect users with McAfee security at virtually the same time that McAfee Avert Labs determines a sample is malicious. In this release, the feature is disabled by default. You must select a sensitivity level to enable the feature.