For the files that are classified as suspicious, the Hitman Pro client sends a request to the Scan Cloud for confirmation if these files are indeed malicious. As the Behavioural Scan already has distinguished the good from the potentially bad files, the Scan Cloud only needs to be consulted for a few files.
The Scan Cloud is a highly optimized cluster of multiple computers, residing on the Internet. The response from the Scan Cloud to this request can be that the file is:
- Known as Safe
- Known as Malicious
When the file is already known in the Scan Cloud, the response "Safe" or "Malicious" is returned within milliseconds.
When the file is Unknown, the Hitman Pro client uploads the file to the Scan Cloud where the file is scanned using the anti virus programs of 5 different vendors. Each of these anti virus programs analyzes the file and responds with "Safe" or "Malicious".
In some instances, the file is Unknown in our Scan Cloud. In this case, the information gathered by Hitman Pro 3 and using the scoring system from the Behavioural Scan we are able to help the user remove unknown suspicious files. These are often referred to as "Zero day threats".
The Behavioural Scan in Hitman Pro is designed to scan, remove and analyze executable files, so called Portable Executables (PE). These are usually EXE, DLL and SYS files.
Hitman Pro will not upload documents, pictures, etc. to the Scan Cloud.