What is the difference between the Bloodhound and Proactive Threat Protection (TruScan) technologies?

Article ID: 177534

Products

Endpoint Protection

Issue/Introduction

You would like to know the difference between the Bloodhound and Proactive Threat Protection (TruScan) technologies.

Resolution

Bloodhound protection and Proactive Threat Protection (now called TruScan) are different but complementary technologies.

Bloodhound is the name of our heuristics-based virus detection technology that is part of the AntiVirus engine included with both Symantec AntiVirus Corporate Edition (SAV) and Symantec Endpoint Protection (SEP). Both products contain Bloodhound technology as part of the core of the virus scan engine.

Proactive Threat Protection (PTP, also called TruScan) is a separate technology that is also heuristics-based, but operates differently from Bloodhound.

Bloodhound detections are made by the virus scan engine when a file on the filesystem is scanned, either by AutoProtect or during a scheduled/manual scan. These detections are based on analyzing the contents of the file itself for malicious code.

TruScan, on the other hand, monitors processes running in memory, not files on the filesystem. TruScan analyzes the actions that a process takes while running and attempts to determine whether the behavior of the process is suspicious. If suspicious behavior is detected, TruScan issues an alert and may act on the process based on the policy set for such conditions.

In short, the technologies make up two different components that have a similar goal, which is to detect malicious programs before virus detection signatures are available. These technologies both do this by utilizing heuristics-based functionality.