Updated: October 2, 2020

Behavioral Analysis module

The Behavioral Analysis module is the N-able N-central decision engine. It examines the behavior of a file and determines if the file may be a threat. The integrated Intrusion Detection System (IDS) detects and blocks attempts to change:

  • critical system files,
  • AV Defender files or registry entries,
  • installation of malware drivers, and
  • attacks performed by code injection (DLL injection).

The Behavioral Analysis module is supported on devices running 32-bit and 64-bit editions of:

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10

  1. Click Configuration > Security Manager > Profiles.
  2. Click Add, or click on an existing profile to edit.
  3. Click View Settings beside the Behavioral Analysis module.
  4. Click the Enabled check box to turn on the module.
  5. Turn off Silent Mode to enable the user to select to block or allow events. If no response is provided, the events are blocked.
  6. In the Active Virus Control area, click the Enable so that AV Defender can monitor applications and scan for malware-like actions on the target system. Active Virus Control needs to be enabled for AV Defender to function effectively.
  7. Set the detection level to determine the aggressiveness of this behavioral detection engine. This option sets the detection rate of the Bitdefender active virus control. False positives, clean applications detected as malicious, may appear in results.
    • Aggressive sets the active virus control to high, and will show more alerts - some false positives may appear.
    • Normal sets the active virus control to medium and will show more alerts that may include some false positives.
    • Permissive sets the active virus control to low and will show less alerts and a very low likelihood of false positives.
  8. Set the Detection Level to normal to protect best against cryptolocker and its variants.

  9. Click Save.

To receive notifications of the Behavioral Analysis module, you can configure an AV Defender Behavioral Scan Events service and notifications.