About Advanced Machine Learning in Endpoint Protection 14

Article ID: 164119

Products

Endpoint Protection

Issue/Introduction

Learn about Advanced Machine Learning (AML) in Symantec Endpoint Protection (SEP) 14.

Resolution

What is Advanced Machine Learning?

Advanced Machine Learning (AML) is an endpoint-based machine learning engine that detects malware from static attributes of a file, without running it. Because the decision is made in the pre-execution phase, AML lets SEP stop large classes of malware, both known and previously unseen, before it can execute.

The AML engine is designed to work together with Symantec's real-time, cloud-based threat intelligence to provide best-in-class protection with a low false positive rate. A client that can reach the cloud has its local verdicts corroborated by that intelligence, which further reduces false positives.

How is AML made available?

The AML engine is a component of the SEP client and is updated through the regular definition update channel. Because the engine classifies files by their attributes rather than matching individual signatures, it does not need to be updated as frequently as traditional signature-based technology.

How to ensure cloud lookup availability

  1. In Endpoint Protection Manager (SEPM), click Clients.
  2. Select the desired group.
  3. Click the Policies tab.
  4. Under Settings, click External Communications.
  5. Under Client Queries, ensure Allow Insight lookups for threat detection is checked.

How to set the Bloodhound level

  1. In the SEPM, click Policies.
  2. Select Antivirus and Antispyware.
  3. Right-click the desired Antivirus and Antispyware policy from the list of policies, then click Edit.
  4. Under Advanced Options, select Global Scan Options.
  5. Under Bloodhound Detection Settings, select or clear the check box to enable or disable Bloodhound, then use the drop-down to choose Automatic or Aggressive.

Note: In SEP 14, Aggressive mode raises detection sensitivity and may require administrators to review and manage additional false positives.