- Dec 27, 2016
From what I can make of the alert text, it reports that a potentially suspicious application has been detected, not that a suspicious behavior is identified.
If that is true, I doubt if it's Deep Behavioral Inspection that triggered the alert. DBI as they say is an extension of HIPS.
In the Detection Engine tab, you have adjustable levels of 'suspicious applications' to be detected. And this is also present in the 'On-demand scans' parameters. So I believe that these two are different in the view that
- Detection Engine >> Suspicious Applications uses static/dynamic analysis of code to see if the file is suspicious (your case)
- HIPS >> DBI monitors activity of actually run apps to see if actions are suspicious