March 29, 2021

What is Heur.AdvML.B?

Recently, I downloaded a .exe file and Norton said:

‘(file name I downloaded).exe
Detected by Auto Protect.
This has happened twice since I downloaded it. Is it malware? Am I safe?



Missing information. What was the .exe file specifically? Where did you download it from?

Norton is generally eh. I don’t recommend it.

Chances are it’s a false positive.


>Heur.AdvML.B is a heuristic detection designed to generically detect malicious files using advanced machine learning technology. A file detected by this detection name is deemed by Symantec to pose a risk to users and is therefore blocked from accessing the computer.

The stuff in the brackets (Heur.AdvML.B) is just shortening “heuristic” and “advanced machine learning”. Viruses are often matched by “signature”, you download some file and your AV says “That’s XYZ Trojan”. It has to have an exact match.

Heuristic detection means that your AV watched what the program was doing and doesn’t think it should be doing it. For example, if you downloaded the minesweeper game and it scanned everything on your computer and sent it to some random IP, a heuristic-based AV will say “that’s not normal for a game”.

I have no idea how good Norton’s heuristic detection is off-hand. It would be recommended you follow the instructions it gives to remove the offending exe and don’t download it again.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.