Advanced Threat Control
For threats that elude even the heuristic engine, another layer of protection is present in the form of Advanced Threat Control (ATC).
Advanced Threat Control continuously monitors running processes and grades suspicious behaviors such as attempts to: disguise the type of process, execute code in another process’s space (hijack process memory for privilege escalation), replicate, drop files, hide from process enumeration applications, etc. Each suspicious behavior raises the process rating. When a threshold is reached, an alarm is triggered.