handbook/tools/5.Machine/3.Active-Directory/General/Exploitation/AV-Detection-and-Evasion/Detection-Methods/Heuristic-Based-Detection.md

Heuristic-based detection involves using algorithms and other techniques to analyze the behavior of a file or program and identify patterns or characteristics that are associated with malware. This method is useful for detecting unknown or zero-day threats, as it does not rely on a database of known malware signatures. However, it can also result in false positives, where a benign file or program is mistakenly identified as malicious.