For future reference...About PUP.Adware.Heuristics detectionHeuristic analysis
is the ability of an anti-virus or anti-malware program to detect possible new variants of malware
before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. A heuristic scanner does not compare code to a signature file like a virus scanner but uses a grading system to determine the probability that the program code being analyzed is a virus. Most heuristic scanners perform a statistical analysis in order to determine the likelihood that a file contains program code that may indicate it is malicious. Static heuristic analysis usually begins by scanning code for suspicious attributes characteristic of a malicious program. Dynamic heuristic analysis involves copying part of a programs code into the anti-virus's virtual emulation buffer and uses special techniques to reproduce its action (execution). If any suspicious activity is detected during this phase, the program is considered malicious and its execution is blocked. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as possible malware
to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk
for a "false positive
" when the heuristic analysis flags a file as suspicious
that contains no malware. Packed files
use a specially compressed (protected) file that may have been obfuscated or encrypted in order to conceal itself and often trigger alerts by anti-virus software using heuristic detection because they are resistant to scanning (difficult to read). Sometimes lowering the program's heuristic settings
and rescanning may provide more accurate results but then that increases the possibility for new malware to infect your system.
Submitting file samples to the vendor for further analysis allows the lab techs to quickly investigate and confirm if the detection is actually malware. Some security programs have built-in options for submitting a file directly from the quarantined area to the vendor's lab for analysis. Most user guides will explain how to do that. Other anti-virus solutions automatically submit files or provide an alert to do so if you have checked the option to "Submit for analysis
in the program's settings. If those options are unavailable, you can also look for documentation on the vendor's web site on how to submit file samples.