What is a heuristic analyzer?

  1. The heuristic method, unlike the signature method, aims to detect not signatures of malicious code, but typical sequences of operations that make it possible to draw a conclusion about the nature of the file with a sufficient degree of probability. The advantage of heuristic analysis is that it does not require pre-compiled databases to work. Due to this, new threats are recognized before their activity becomes known to virus analysts.
  2. please write to me if you know
  3. Heuristic scanning is a method of operation of an anti-virus program based on signatures and heuristics. This technology, however, is used very carefully in modern programs, as it can increase the number of false positives.
  4. A heuristic analyzer (heuristic) is an anti-virus module that analyzes the code of an executable file and determines whether the scanned object is infected.
    Heuristic analysis does not use standard signatures. On the contrary, the heuristic makes a decision on the basis of predetermined, sometimes not entirely clear rules.

    For greater clarity, this approach can be compared with artificial intelligence, which independently conducts analysis and makes decisions. However, this analogy only partially captures the essence, since the heuristic does not know how to learn and, unfortunately, has low efficiency. According to antivirus experts, even the most modern analyzers are unable to stop more than 30% of malicious codes. Another problem is false positives, when a legitimate program is identified as infected.

    However, despite all the shortcomings, heuristic methods are still used in antivirus products. The fact is that the combination of different approaches can improve the final efficiency of the scanner. Today, heuristics are supplied with the products of all major market players: Symantec, Kaspersky Lab, Panda, Trend Micro and McAfee.
    The heuristic analysis checks the file structure and its compliance with virus templates. The most popular heuristic technique is to check the contents of a file for modifications of already known virus signatures and their combinations. This helps to detect hybrids and new versions of previously known viruses without additional updating of the anti-virus database.
    Heuristic analysis is used to detect unknown viruses and, as a result, does not involve treatment.
    This technology cannot determine with 100% certainty whether or not it is facing a virus, and, like any probabilistic algorithm, it suffers from false positives.

    Any questions - will be resolved by me, contact us, we will help in any way we can

  5. A heuristic analyzer summarizes trends in program code regarding calls to system interrupts, extrapolating the level of possible harmfulness. Thus, a balanced protection of the operating system is provided.
    Well, I sort of explained everything, understand? ;))
  6. It's a type of artificial intelligence. In real life, this technology is not available; there are some approximations to it, as if the antivirus itself analyzes the program and decides whether it is a virus or not.

Antivirus programs are programs whose main task is to protect against viruses, or more precisely, against malware.

Theoretically, methods and principles of protection are not of particular importance, the main thing is that they should be aimed at combating malware. But in practice, the situation is somewhat different: almost any anti-virus program combines in different proportions all the technologies and methods of protection against viruses that have been created to date.

Among all antivirus protection methods, two main groups can be distinguished:

  • Signature methods - accurate virus detection methods based on comparing a file with known virus samples
  • Heuristic methods - approximate detection methods that make it possible to assume, with a certain probability, that a file is infected

Signature analysis

The word "signature" in this case is a calque of the English signature, meaning "signature" or, in a figurative sense, "a characteristic feature that identifies something." Actually, that says it all. Signature analysis consists in identifying the characteristic identifying features of each virus and searching for viruses by comparing files with the identified features.

A virus signature is a set of features that make it possible to uniquely identify the presence of a virus in a file (including cases where the entire file is a virus). Together, the signatures of known viruses make up the anti-virus database.

The task of extracting signatures, as a rule, is solved by people - experts in the field of computer virology, who are able to extract the virus code from the program code and formulate its characteristic features in the form that is most convenient for searching. As a rule - because in most simple cases special automated means of extracting signatures can be used. For example, in the case of simple Trojans or worms that do not infect other programs, but are entirely malicious programs.

Almost every antivirus company has its own group of experts who analyze new viruses and update the antivirus database with new signatures. For this reason, the anti-virus databases in different anti-viruses differ. Nevertheless, there is an agreement between anti-virus companies to exchange virus samples, which means that sooner or later the signature of a new virus gets into the anti-virus databases of almost all anti-viruses. The best antivirus will be the one for which the signature of the new virus was released before anyone else.

One common misconception about signatures is that each signature corresponds to exactly one virus or piece of malware and that, as a result, an anti-virus database with a larger number of signatures detects more viruses. In fact, this is not the case. Very often, one signature is used to detect a family of similar viruses, and therefore it is no longer possible to assume that the number of signatures is equal to the number of detected viruses.

The ratio of the number of signatures and the number of known viruses is different for each anti-virus database, and it may well turn out that a database with a smaller number of signatures actually contains information about a larger number of viruses. If we recall that anti-virus companies exchange virus samples, we can assume with a high degree of confidence that the anti-virus databases of the most famous anti-viruses are equivalent.

An important additional feature of signatures is the precise and guaranteed detection of the virus type. This property makes it possible to add to the database not only the signatures themselves, but also the methods of treating the virus. If signature analysis only answered the question of whether a virus is present, without saying which virus it is, treatment would obviously not be possible: the risk of taking the wrong actions and, instead of treatment, causing additional loss of information would be too great.

Another important, but negative, property is that in order to obtain a signature, you must have a sample of the virus. Consequently, the signature method is unsuitable for protection against new viruses, since until the virus has been analyzed by experts, it is impossible to create its signature. That is why all the largest epidemics are caused by new viruses. From the moment a virus appears on the Internet to the release of the first signatures, it usually takes several hours, and during this time the virus is able to infect computers almost without hindrance. Almost, because the additional protection tools discussed earlier, as well as the heuristic methods used in antivirus programs, help protect against new viruses.

Heuristic analysis

The word "heuristic" comes from the Greek verb "to find". The essence of heuristic methods is that the solution to the problem is based on some plausible assumptions, and not on strict conclusions from the available facts and premises. Since such a definition sounds rather complicated and incomprehensible, it is easier to explain using examples of various heuristic methods.

If the signature method is based on identifying the characteristic features of a virus and looking for these features in the files being scanned, then heuristic analysis is based on the (very plausible) assumption that new viruses often turn out to be similar to some of the already known ones. After the fact, such an assumption is justified by the presence in the anti-virus databases of signatures for detecting not one, but several viruses at once. Based on this assumption, the heuristic method is to search for files that do not fully, but very closely match the signatures of known viruses.

The positive effect of using this method is the ability to detect new viruses even before signatures are extracted for them. Negative sides:

  • Chance of mistakenly detecting a virus in a file when the file is actually clean - such events are called false positives
  • Impossibility of treatment - both due to possible false positives, and due to possible inaccurate determination of the type of virus, an attempt to treat can lead to greater loss of information than the virus itself, and this is unacceptable
  • Low efficiency - against truly innovative viruses that cause the most widespread epidemics, this kind of heuristic analysis is of little use
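The near-match search described above can be sketched as follows. This is an added example, not code from the original article or from any antivirus product; the signature names, byte patterns, sample files and the 15% tolerance are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed signature database: names and byte patterns are invented for
# this example and do not correspond to real malware.
SIGNATURES = {
    "Demo.Family.A": bytes.fromhex("60 e8 00 00 00 00 5d 81 ed 10 20 40 00 8d b5 44"),
    "Demo.Family.B": bytes.fromhex("fa 33 c0 8e d0 bc 00 7c fb 8e d8 be"),
}


@dataclass(frozen=True)
class Verdict:
    kind: str              # "exact", "heuristic" or "clean"
    name: Optional[str]    # matched signature, if any
    offset: int            # start of the closest window (-1 if none)
    mismatches: int        # number of differing bytes in that window


def closest_window(data: bytes, sig: bytes):
    """Slide sig over data; return (offset, mismatches) of the closest window."""
    best_off, best_miss = -1, len(sig) + 1
    for off in range(len(data) - len(sig) + 1):
        miss = 0
        for a, b in zip(data[off:off + len(sig)], sig):
            if a != b:
                miss += 1
                if miss >= best_miss:   # cannot beat the best window so far
                    break
        if miss < best_miss:
            best_off, best_miss = off, miss
            if miss == 0:
                break
    return best_off, best_miss


def scan(data: bytes, tolerance: float = 0.15) -> Verdict:
    """Exact match = signature hit; a close match within tolerance = heuristic hit."""
    best = Verdict("clean", None, -1, 0)
    for name, sig in SIGNATURES.items():
        off, miss = closest_window(data, sig)
        if off < 0:                      # file shorter than the signature
            continue
        if miss == 0:
            return Verdict("exact", name, off, 0)
        if miss <= int(len(sig) * tolerance):
            if best.kind == "clean" or miss < best.mismatches:
                best = Verdict("heuristic", name, off, miss)
    return best


# Constructed sample files.
PAD = b"\x90" * 32
KNOWN = PAD + SIGNATURES["Demo.Family.A"] + PAD
_variant = bytearray(SIGNATURES["Demo.Family.A"])
_variant[9], _variant[10] = 0x34, 0x12      # two bytes changed in the "new version"
VARIANT = PAD + bytes(_variant) + PAD
CLEAN = b"MZ" + bytes(range(0x30, 0x70))

if __name__ == "__main__":
    for label, blob in (("known", KNOWN), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, scan(blob))
    # A very loose tolerance turns the clean file into a false positive.
    print("clean, tolerance 0.9:", scan(CLEAN, tolerance=0.9))
```

The last call shows the trade-off from the list above: the looser the match, the more modified variants are caught and the more clean files are flagged.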

Search for viruses that perform suspicious activities

Another heuristic method is based on the assumption that malware somehow seeks to harm the computer. The method relies on identifying the main malicious actions, such as, for example:

  • Deleting a file
  • Writing to a file
  • Writing to certain areas of the system registry
  • Opening a listening port
  • Interception of data entered from the keyboard
  • Mailing of letters
  • Etc.

It is clear that the performance of each such action separately is not a reason to consider the program malicious. But if a program sequentially performs several such actions, for example, writes its own startup to the autorun key of the system registry, intercepts data entered from the keyboard and sends this data to some Internet address with a certain frequency, then this program is at least suspicious. A heuristic analyzer based on this principle must constantly monitor the actions that programs perform.
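The combination rule from the paragraph above (autorun entry, keyboard interception, data sent to one address at regular intervals) can be expressed as a small per-process correlator. This is an added example, not code from the original article or from any product; the event format, the sample events, the three-indicator threshold and the 20% timing jitter are assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed event log: (time in seconds, pid, action, detail).
EVENTS = [
    (0, 100, "file_write", r"C:\Users\demo\notes.txt"),
    (1, 200, "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DemoUpdater"),
    (2, 200, "net_send", "198.51.100.20:443"),
    (3, 300, "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    (4, 300, "keyboard_hook", "global"),
    (10, 300, "net_send", "203.0.113.7:8080"),
    (12, 400, "net_send", "198.51.100.30:5222"),
    (40, 300, "net_send", "203.0.113.7:8080"),
    (42, 400, "net_send", "198.51.100.30:5222"),
    (70, 300, "net_send", "203.0.113.7:8080"),
    (72, 400, "net_send", "198.51.100.30:5222"),
    (75, 100, "file_delete", r"C:\Users\demo\notes.bak"),
]

AUTORUN_KEY = r"\microsoft\windows\currentversion\run"
# Actions that count as an indicator as soon as they are seen once.
SIMPLE = {"keyboard_hook": "keylogging", "listen": "listener",
          "file_write": "file_write", "file_delete": "file_delete"}
MIN_INDICATORS = 3   # assumed threshold: one or two indicators are not enough


def is_periodic(times, min_sends=3, jitter=0.2):
    """True if the sends are spaced at a roughly constant interval."""
    if len(times) < min_sends:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and all(abs(g - avg) <= jitter * avg for g in gaps)


def indicators(events):
    """Return {pid: sorted list of distinct behaviour indicators}."""
    found = defaultdict(set)
    sends = defaultdict(list)            # (pid, destination) -> timestamps
    for ts, pid, action, detail in sorted(events):
        if action == "reg_write" and AUTORUN_KEY in detail.lower():
            found[pid].add("autorun")
        elif action == "net_send":
            sends[(pid, detail)].append(ts)
        elif action in SIMPLE:
            found[pid].add(SIMPLE[action])
    for (pid, _dest), times in sends.items():
        if is_periodic(times):
            found[pid].add("beaconing")
    return {pid: sorted(names) for pid, names in found.items()}


def suspicious_pids(events, minimum=MIN_INDICATORS):
    """Processes that combine at least `minimum` distinct indicators."""
    return sorted(pid for pid, names in indicators(events).items()
                  if len(names) >= minimum)


if __name__ == "__main__":
    for pid, names in sorted(indicators(EVENTS).items()):
        print(pid, names)
    print("suspicious:", suspicious_pids(EVENTS))
```

In the constructed log, the updater (autorun only) and the chat client (periodic traffic only) stay below the threshold; only the process that combines all three behaviours is reported.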

The advantage of the described method is the ability to detect previously unknown malicious programs, even if they are not very similar to those already known. For example, a new piece of malware can use a new vulnerability to infiltrate a computer, but after that it starts to perform its usual malicious actions. Such a program can be missed by a heuristic analyzer of the first type, but can be detected by an analyzer of the second type.

The negative traits are the same as before:

  • False positives
  • Impossibility of treatment
  • Low efficiency

The article refers to Kaspersky Endpoint Security 10 for Windows:

  • Service Pack 2 Maintenance Release 4 (version 10.3.3.304);
  • Service Pack 2 Maintenance Release 3 (version 10.3.3.275);
  • Service Pack 2 Maintenance Release 2 (version 10.3.0.6294);
  • Service Pack 2 Maintenance Release 1 (version 10.3.0.6294);
  • Service Pack 2 (version 10.3.0.6294).

What is heuristic analysis

Heuristic analysis is a technology for detecting threats that cannot be identified using the current version of Kaspersky Lab databases. It allows you to find files that may contain an unknown virus or a new modification of a known virus.

The heuristic analyzer is a module that works on the basis of heuristic analysis technology.

Static and Dynamic Analysis

Static analysis. The heuristic analyzer scans the code for suspicious commands, such as searching for and modifying executable files. If there are suspicious commands or fragments, the heuristic analyzer increments the "suspiciousness counter" of the program. If, after scanning the entire application code, the value of the counter exceeds the specified threshold value, then the object is considered suspicious.

Dynamic analysis. The heuristic analyzer emulates running a program in a virtual address space. If the heuristic analyzer detects suspicious actions during the emulation process, the object is recognized as malicious and its launch on the user's computer is blocked.

Kaspersky Endpoint Security 10 for Windows uses static analysis in combination with dynamic analysis.
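The "suspiciousness counter" of static analysis can be illustrated with a scanner that extracts printable strings from a file and adds points per matching rule. This is an added example and not Kaspersky's implementation; the rules, weights, threshold and sample "binaries" are constructed assumptions, and only the Windows API and registry names are real.

```python
import re

# (points, description, pattern applied to each extracted string).
# Weights and the threshold are assumptions chosen for the demonstration.
RULES = [
    (2, "enumerates files", re.compile(r"^FindFirstFile[AW]$")),
    (2, "writes to files", re.compile(r"^WriteFile$")),
    (3, "targets executable files", re.compile(r"\*\.(exe|com|dll)$", re.I)),
    (3, "sets an autorun key", re.compile(r"CurrentVersion\\Run", re.I)),
    (2, "installs a keyboard hook", re.compile(r"^SetWindowsHookEx[AW]$")),
]
THRESHOLD = 6


def extract_strings(data: bytes, min_len: int = 5):
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [s.decode("ascii") for s in re.findall(pattern, data)]


def score(data: bytes):
    """Return (counter, reasons); each rule increments the counter at most once."""
    strings = extract_strings(data)
    counter, reasons = 0, []
    for points, description, pattern in RULES:
        if any(pattern.search(s) for s in strings):
            counter += points
            reasons.append(description)
    return counter, reasons


def is_suspicious(data: bytes, threshold: int = THRESHOLD) -> bool:
    """The object is suspicious only if the counter exceeds the threshold."""
    return score(data)[0] > threshold


def blob(*strings):
    """Constructed 'binary': the given strings separated by non-printable bytes."""
    return b"\x00\x01".join(s.encode("ascii") for s in strings) + b"\x00"


# Constructed samples.
SEARCH_TOOL = blob("FindFirstFileW", "FindNextFileW", "*.txt", "CloseHandle")
INFECTOR_LIKE = blob("FindFirstFileA", "*.exe", "CreateFileA", "WriteFile")
UPDATER = blob("FindFirstFileW", "*.dll", "WriteFile", "DemoUpdater 1.0")

if __name__ == "__main__":
    for label, data in (("search tool", SEARCH_TOOL),
                        ("infector-like", INFECTOR_LIKE),
                        ("legitimate updater", UPDATER)):
        counter, reasons = score(data)
        print(f"{label}: counter={counter} suspicious={is_suspicious(data)} {reasons}")
```

The constructed updater searches for and rewrites DLL files for a legitimate reason, yet crosses the same threshold as the infector-like sample, which is the false-positive cost of a purely static counter.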

Which protection components use the heuristic analyzer

  • File Anti-Virus. More details in the help.
  • Mail Antivirus. More details in the help.
  • Web Anti-Virus. More details in the help.
  • Application activity control. More details in the help.
  • Checking tasks. More details in the help.

Full Support

Base release: Yes
Support: Yes
Release of patches: Yes

What does status mean?

  • Base release

    Release of database updates necessary to protect your computer/server/mobile device.

  • Support

    Providing technical support by phone and via a web form.

  • Release of patches

    Release of update packages for the program (to fix detected errors).

Kaspersky Endpoint Security 10 for Windows (for workstations and file servers)

  • Microsoft Windows Server 2012 R2 Foundation / Essentials / Standard / Datacenter x64.
  • Microsoft Windows Server 2012 Foundation / Essentials / Standard / Datacenter x64.
  • Microsoft Small Business Server 2011 Essentials / Standard x64.
  • Windows MultiPoint Server 2011 x64.
  • Microsoft Windows Server 2008 R2 Foundation / Standard / Enterprise / Datacenter x64 SP1.
  • Microsoft Windows Server 2008 Standard / Enterprise / Datacenter x64 SP2.
  • Microsoft Small Business Server 2008 Standard / Premium x64.

See the article for other server platform support limitations.

  • VMWare ESXi 6.0.0 3620759.
  • Microsoft Hyper-V 3.0.
  • Citrix XenServer 7.0.
  • Citrix XenDesktop 7.13.

  • Microsoft Windows Server 2008 R2 Standard / Enterprise x64 SP1.
  • Microsoft Windows Server 2008 Standard / Enterprise x64 SP2.

Server Platform Support Limitations

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption are not supported on server platforms.

Supported virtual platforms

  • VMWare ESXi 6.0.0 3620759.
  • Microsoft Hyper-V 3.0.
  • Citrix XenServer 7.0.
  • Citrix XenDesktop 7.13.
  • Citrix Provisioning Services 7.13.

Features and limitations of virtual platform support

  • Full disk encryption (FDE) on Hyper-V virtual machines is not supported.
  • Full disk encryption (FDE) and file and folder encryption (FLE) are not supported on Citrix virtual platforms.
  • To support the compatibility of Kaspersky Endpoint Security for Windows with Citrix PVS, you must install with the "Ensure compatibility with Citrix PVS" option enabled. You can enable the option in the installation wizard or via the command line option /pCITRIXCOMPATIBILITY=1. For a remote installation, you need to edit the KUD file to add the /pCITRIXCOMPATIBILITY=1 option to it.

See the article for other features of virtual platform support.

Version 10.2.6.3733: Hardware and software requirements

General requirements

  • 1 GB of RAM.

Operating Systems

  • Microsoft Windows 10 Pro / Enterprise x86 / x64.
  • Microsoft Windows 8.1 Pro / Enterprise x86 / x64.
  • Microsoft Windows 8 Pro / Enterprise x86 / x64.
  • Microsoft Windows 7 Professional / Enterprise / Ultimate x86 / x64 SP1 and above.
  • Microsoft Windows 7 Professional / Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Server 2016 Standard / Essentials x64.
  • Microsoft Small Business Server 2011 Standard x64.

Supported virtual platforms

  • VMWare ESXi 5.5.0 2718055 Update 2.
  • Citrix XenServer 6.5.
  • Citrix XenDesktop 7.8.

Server Platform Support Limitations

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption are not supported on server platforms.

Supported virtual platforms

  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.

Features and limitations of virtual platform support

Version 10.2.5.3201: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Processor Intel Pentium 1 GHz or higher.
  • 1 GB of RAM.
  • 2 GB free space on the hard drive.

Software and hardware requirements for workstations

  • Microsoft Windows 10 Pro x86 / x64.
  • Microsoft Windows 10 Enterprise x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and above.
  • Microsoft Windows XP Professional x86 SP3 or higher.
  • Microsoft Windows Server 2019 x64.
  • Microsoft Windows Server 2016 Standard / Essentials x64.
  • Microsoft Windows Server 2012 R2 Foundation / Standard / Essentials x64.
  • Microsoft Windows Server 2012 Foundation / Standard / Essentials x64.
  • Microsoft Small Business Server 2011 Standard x64.
  • Microsoft Windows MultiPoint Server 2011 x64.
  • Microsoft Small Business Server 2008 Standard / Premium x64.
  • Microsoft Windows Server 2008 R2 Foundation / Standard / Enterprise x64 SP1 and above.
  • Microsoft Windows Server 2008 Foundation / Standard / Enterprise x86 / x64 SP2 and above.
  • Microsoft Windows Server 2003 R2 Standard / Enterprise x86 / x64 SP2 or higher.
  • Microsoft Windows Server 2003 Standard / Enterprise x86 / x64 SP2.
  • Microsoft
  • Microsoft
  • Microsoft Windows Embedded Standard 7* x86 / x64 SP1.
  • Microsoft Windows Embedded POSReady 7* x86 / x64.

Features and limitations of support for embedded operating systems

  • Operating systems Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) are recommended for use on devices with 2 GB or more RAM.
  • File encryption (FLE) and hard drive encryption (FDE) are not supported on embedded operating systems.

Supported virtual platforms

  • VMWare ESXi 5.5.0 2718055 Update 2.
  • VMWare ESXi 5.5.0 3568722 Update 3b.
  • Microsoft Hyper-V 3.0 (Windows Server 2012 R2).
  • Citrix XenServer 6.5.
  • Citrix XenDesktop 7.8.
  • Citrix Provisioning Server 7.8.

Server Platform Support Limitations

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption are not supported on server platforms.

Microsoft Windows 8.1 Support Limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS file system support for iSwift / iChecker technology.
  • The function to hide Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the "Ensure compatibility with Citrix PVS" option enabled. The option can be enabled in the installation wizard or via the /pCITRIXCOMPATIBILITY=1 command line option. For a remote installation, edit the kud file to include the /pCITRIXCOMPATIBILITY=1 option.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Imaging using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Version 10.2.4.674: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Processor Intel Pentium 1 GHz or higher.
  • 2 GB of free hard disk space.
  • Microsoft Internet Explorer 7.0 and above.
  • Microsoft Windows Installer 3.0 and above.
  • Internet connection to activate the program, update databases and program modules.

Software and hardware requirements

  • Microsoft Windows 10 TH2 Pro version 1511 x86 / x64.
  • Microsoft Windows 10 TH2 Enterprise version 1511 x86 / x64.
  • Microsoft Windows 8.1 Pro x86 / x64.
  • Microsoft Windows 8.1 Enterprise x86 / x64.
  • Microsoft Windows 8 Pro x86 / x64.
  • Microsoft Windows 8 Enterprise x86 / x64.
  • Microsoft Windows 7 Professional x86 / x64 SP1 and above.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 and above.
  • Microsoft Windows 7 Professional x86 / x64.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and above.
  • Microsoft Windows XP Professional x86 SP3 or higher.
  • Microsoft Windows Server 2012 R2 Standard / Essentials / Enterprise x64.
  • Microsoft Windows Server 2012 Foundation / Standard / Essentials x64.
  • Microsoft Small Business Server 2011 Standard / Essentials x64.
  • Microsoft Windows MultiPoint Server 2011 x64.
  • Microsoft Windows Server 2008 R2 Standard / Enterprise / Foundation x64 SP1 and above.
  • Microsoft Windows Server 2008 R2 Standard / Enterprise / Foundation x64.
  • Microsoft Windows Server 2008 Standard / Enterprise x86 / x64 SP2 and above.
  • Microsoft Small Business Server 2008 Standard / Premium x64.
  • Microsoft Windows Server 2003 R2 Standard / Enterprise x86 / x64 SP2 or higher.
  • Microsoft Windows Server 2003 Standard / Enterprise x86 / x64 SP2 or higher.
  • Microsoft Windows Embedded 8.0 Standard x64.
  • Microsoft Windows Embedded 8.1 Industry Pro x64.
  • Microsoft Windows Embedded Standard 7 x86 / x64 SP1.
  • Microsoft Windows Embedded POSReady 7 x86 / x64.

Features and limitations of support for embedded operating systems

  • Operating systems Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) are recommended for use on devices with 2 GB or more RAM.
  • File encryption (FLE) and hard drive encryption (FDE) are not supported on embedded operating systems.

Server Platform Support Limitations

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.
  • Disk encryption (Kaspersky FDE) and file encryption are not supported on server platforms.

Microsoft Windows 8.1 Support Limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS support for iSwift / iChecker technology.
  • The function to hide Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the "Ensure compatibility with Citrix PVS" option enabled. The option can be enabled in the installation wizard or via the /pCITRIXCOMPATIBILITY=1 command line option. For a remote installation, edit the kud file to include the /pCITRIXCOMPATIBILITY=1 option.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Imaging using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Version 10.2.2.10535MR1: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Processor Intel Pentium 1 GHz or higher.
  • 1 GB of free RAM.
  • 2 GB of free hard disk space.
  • Microsoft Internet Explorer 7.0 and above.
  • Microsoft Windows Installer 3.0 and above.
  • Internet connection to activate the program, update databases and program modules.

Operating Systems

  • Microsoft Windows 8.1 Pro x86 / x64.
  • Microsoft Windows 8.1 Enterprise x86 / x64.
  • Microsoft Windows 8 Pro x86 / x64.
  • Microsoft Windows 8 Enterprise x86 / x64.
  • Microsoft Windows 7 Professional x86 / x64 SP1 and above.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 and above.
  • Microsoft Windows 7 Professional x86 / x64.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and above.
  • Microsoft Small Business Server 2011 Standard x64.
  • Microsoft Windows Server 2012 R2 Standard x64.
  • Microsoft Windows Server 2012 Foundation / Standard x64.
  • Windows Embedded 8.0 Standard x64.
  • Windows Embedded 8.1 Industry Pro x64.

Features and limitations of support for embedded operating systems

  • Operating systems Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) are recommended for use on devices with 2 GB or more RAM.
  • File encryption (FLE) and hard drive encryption (FDE) are not supported on embedded operating systems.

Server Platform Support Limitations

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.

Microsoft Windows 8.1 Support Limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS support for iSwift / iChecker technology.
  • The function to hide Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the "Ensure compatibility with Citrix PVS" option enabled. The option can be enabled in the installation wizard or via the /pCITRIXCOMPATIBILITY=1 command line option. For a remote installation, edit the kud file to include the /pCITRIXCOMPATIBILITY=1 option.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Imaging using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Version 10.2.2.10535: Hardware and software requirements

For normal operation of Kaspersky Endpoint Security 10 for Windows, the computer must meet the following requirements:

General requirements

  • Processor Intel Pentium 1 GHz or higher.
  • 1 GB of free RAM.
  • 2 GB of free hard disk space.
  • Microsoft Internet Explorer 7.0 and above.
  • Microsoft Windows Installer 3.0 and above.
  • Internet connection to activate the program, update databases and program modules.

Operating Systems

  • Microsoft Windows 8.1 Update Pro x86 / x64.
  • Microsoft Windows 8.1 Update Enterprise x86 / x64.
  • Microsoft Windows 8.1 Pro x86 / x64.
  • Microsoft Windows 8.1 Enterprise x86 / x64.
  • Microsoft Windows 8 Pro x86 / x64.
  • Microsoft Windows 8 Enterprise x86 / x64.
  • Microsoft Windows 7 Professional x86 / x64 SP1 and above.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 and above.
  • Microsoft Windows 7 Professional x86 / x64.
  • Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
  • Microsoft Windows Vista x86 / x64 SP2 and above.
  • Microsoft Small Business Server 2011 Essentials x64.
  • Microsoft Small Business Server 2011 Standard x64.
  • Microsoft Small Business Server 2008 Standard x64.
  • Microsoft Small Business Server 2008 Premium x64.
  • Microsoft Windows Server 2012 R2 Standard x64.
  • Microsoft Windows Server 2012 Foundation / Standard x64.
  • Microsoft Windows MultiPoint Server 2011 x64.
  • Microsoft Windows Server 2008 R2 Standard x64 SP1 and above.
  • Microsoft Windows Server 2008 R2 Standard x64.
  • Microsoft Windows Server 2008 R2 Enterprise x64 SP1 and above.
  • Microsoft Windows Server 2008 R2 Enterprise x64.
  • Microsoft Windows Server 2008 R2 Foundation x64 SP1 or later.
  • Microsoft Windows Server 2008 R2 Foundation x64.
  • Microsoft Windows Server 2008 Standard x86 / x64 SP2 and above.
  • Microsoft Windows Server 2008 Enterprise x86 / x64 SP2 and above.
  • Microsoft Windows Server 2003 R2 Standard x86 / x64 SP2 or later.
  • Microsoft Windows Server 2003 R2 Enterprise x86 / x64 SP2 and above.
  • Microsoft Windows Server 2003 Standard x86 / x64 SP2.
  • Microsoft Windows Server 2003 Enterprise x86 / x64 SP2 or later.
  • Windows Embedded 8.0 Standard x64.
  • Windows Embedded 8.1 Industry Pro x64.
  • Windows Embedded Standard 7 with SP1 x86 / x64.
  • Windows Embedded POSReady 7 x86 / x64.

Features and limitations of support for embedded operating systems

  • Operating systems Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1) are recommended for use on devices with 2 GB or more RAM.
  • File encryption (FLE) and hard drive encryption (FDE) are not supported on embedded operating systems.

Server Platform Support Limitations

  • The ReFS file system is supported with limitations.
  • Server Core and Cluster Mode configurations are not supported.

Microsoft Windows 8.1 Support Limitations

  • Windows 8 to 8.1 upgrade is not supported.
  • Limited ReFS support for iSwift / iChecker technology.
  • The function to hide Kaspersky Endpoint Security 10 in the start menu is not supported.

Supported virtual platforms

  • VMWare ESXi 5.5.0 1623387 Update 1.
  • VMWare ESXi 5.5.0 2068190 Update 2.
  • Microsoft Hyper-V 3.0 (Windows Server 2012).
  • Citrix XenServer 6.2.
  • Citrix XenDesktop 7.5.
  • Citrix Provisioning Server 7.1.

Features and limitations of virtual platform support

  • To maintain compatibility of Kaspersky Endpoint Security with Citrix PVS, you must install with the "Ensure compatibility with Citrix PVS" option enabled. The option can be enabled in the installation wizard or via the /pCITRIXCOMPATIBILITY=1 command line option. For a remote installation, edit the kud file to include the /pCITRIXCOMPATIBILITY=1 option.
  • Installation on a computer running Microsoft Windows XP running on Citrix XenDesktop is not supported.
  • Imaging using Target Device from computers running Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security 10 Service Pack 1 installed is not supported.

Heuristic analysis is a technique used by many computer anti-virus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild".

Heuristic analysis is an expert-based analysis that determines the susceptibility of a system to a particular threat/risk using various decision rules or weighting methods. Multicriteria analysis (MCA) is one of the means of weighting. This method is different from statistical analysis, which relies on available data/statistics.

Operation

Most anti-virus programs that use heuristic analysis perform this function by executing the programming commands of a questionable program or script in a specialized virtual machine, thereby allowing the anti-virus program to internally simulate what would happen if the suspicious file were executed, while keeping the suspicious code isolated from the real machine. It then analyzes commands as they are executed, monitoring for common virus activities such as replication, file overwrites, and attempts to hide the existence of the suspicious file. If one or more virus-like actions are detected, the suspicious file is marked as a potential virus, and the user is alerted.

Another common heuristic analysis technique for an antivirus program is to decompile a suspicious program and then analyze the machine code contained within. The source code of a suspicious file is compared with the source code of known viruses and virus-like activities. If a certain percentage of source code matches the code of a known virus or virus-like activity, the file is flagged, and the user is alerted.

Efficiency

Heuristic analysis can detect many previously unknown viruses and new variants of current viruses. However, heuristic analysis works on the basis of experience (comparing the suspicious file with the code and functions of known viruses). This means that it is likely to miss new viruses that use previously unknown methods of operation not found in any of the known viruses. Therefore, its performance is quite low in terms of accuracy and false positives.

As new viruses are discovered by human researchers, information about them is added to the engine's heuristic analysis, thus providing the engine with a means to detect new viruses.

What is heuristic analysis?

Heuristic analysis is a method of detecting viruses by examining code for suspicious properties.

Traditional virus detection methods involve detecting malware by comparing the code in a program with that of known types of viruses that have already been encountered, analyzed, and recorded in a database - known as signature detection.

While useful and still in use, the signature detection method has also become more limited, due to the development of new threats that exploded around the turn of the century and continue to emerge all the time.

To solve this problem, a heuristic model has been specifically designed to identify suspicious signs that can be found in unknown, new viruses and modified versions of existing threats, as well as known malware samples.

Cybercriminals are constantly developing new threats, and heuristic analysis is one of the few methods used to combat the sheer volume of these new threats seen daily.

Heuristic analysis is also one of the few methods capable of fighting polymorphic viruses - a term for malicious code that is constantly changing and adapting. Heuristic analysis is included in advanced security solutions offered by companies such as Kaspersky Labs to detect new threats before they cause harm, without the need for a specific signature.

How does heuristic analysis work?

Heuristic analysis allows the use of many different techniques. One heuristic technique, known as static heuristic analysis, involves decompiling a suspicious program and examining its source code. This code is compared with viruses that are already known and found in heuristic databases. If any percentage of the source code matches an entry in the heuristic database, the code is flagged as a possible threat.
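The percentage match described above, as an added example (not code from any antivirus product): it compares overlapping three-token fragments of a sample against constructed heuristic-database entries and shows a padded variant escaping the exact signature but not the fragment match. The token names, the database entries and the 60% threshold are assumptions made for the illustration.

```python
import hashlib

N = 3             # fragment (shingle) length in tokens; an assumption
THRESHOLD = 0.60  # share of a database entry that must be present; an assumption

def shingles(tokens, n=N):
    """All overlapping n-token fragments of a normalized operation sequence."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}

def exact_signature(tokens):
    """Classic signature: a hash over the whole sequence, broken by any change."""
    return hashlib.sha256(" ".join(tokens).encode()).hexdigest()

def match_ratio(sample, reference):
    """Fraction of the reference entry's fragments that also occur in the sample."""
    ref = shingles(reference)
    return len(ref & shingles(sample)) / len(ref) if ref else 0.0

# Constructed heuristic database: abstract operation tokens such as a
# decompiler front end might emit. Names and contents are hypothetical.
HEURISTIC_DB = {
    "Constructed.FileInfector": [
        "find_first", "open", "read_header", "check_marker", "seek_end",
        "write_body", "patch_entry", "close", "find_next", "loop"],
    "Constructed.Overwriter": [
        "find_first", "open", "truncate", "write_body", "close",
        "find_next", "loop"],
}
SIGNATURE_DB = {exact_signature(t): name for name, t in HEURISTIC_DB.items()}

def scan(sample):
    """Return (signature hit or None, heuristic hit or None, best match ratio)."""
    sig_hit = SIGNATURE_DB.get(exact_signature(sample))
    name, ratio = max(((n, match_ratio(sample, ref))
                       for n, ref in HEURISTIC_DB.items()), key=lambda x: x[1])
    return sig_hit, (name if ratio >= THRESHOLD else None), ratio

# Constructed samples.
KNOWN = list(HEURISTIC_DB["Constructed.FileInfector"])
# Same logic with a junk token inserted and a trailing call appended.
VARIANT = ["find_first", "open", "read_header", "check_marker", "nop",
           "seek_end", "write_body", "patch_entry", "close", "find_next",
           "loop", "sleep"]
# A backup tool that also walks a directory and writes files.
BENIGN = ["find_first", "open", "read_header", "read_body", "close",
          "open_archive", "write_body", "close", "find_next", "loop"]

if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)):
        print(label, scan(sample))
```

The benign tool still shares some fragments with the database entries, which is why the threshold cannot simply be lowered without flagging it.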

Another technique is known as dynamic heuristics. When scientists want to analyze something suspicious without endangering people, they keep the substance in a controlled environment, such as a secure lab, and run their tests there. The process is similar for heuristic analysis, except that it takes place in a virtual world.

It isolates the suspicious program or piece of code inside a specialized virtual machine - or sandbox - and gives the antivirus program a chance to test the code and simulate what would happen if the suspicious file were allowed to run. It examines each command as it is executed and looks for suspicious behaviors such as self-replication, overwriting files, and other actions that are common to viruses.

Potential Issues

Heuristic analysis is ideal for identifying new threats, but to be effective, heuristics must be carefully fine-tuned to provide the best possible detection of new threats without generating false positives on completely innocent code.
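The tuning problem can be seen in a small added example (not taken from any vendor's engine) that scores constructed sandbox traces with weighted behaviour rules for replication, overwriting executables and self-hiding, then sweeps the alert threshold. The event format, rule weights, paths and sample labels are all assumptions.

```python
EXEC_EXT = (".exe", ".dll", ".com")

def copies_self(trace, image):
    # Replication: the sample's own image is written out under another path.
    return any(e["op"] == "write" and e.get("src") == image and e["path"] != image
               for e in trace)

def overwrites_executables(trace, image):
    # Two or more executables that already existed were overwritten.
    hits = [e for e in trace if e["op"] == "write" and e.get("existed")
            and e["path"].lower().endswith(EXEC_EXT)]
    return len(hits) >= 2

def hides_itself(trace, image):
    # The sample sets the hidden attribute on its own file.
    return any(e["op"] == "set_attr" and e["path"] == image
               and "hidden" in e.get("attrs", ()) for e in trace)

# (rule name, weight, predicate). The weights are assumptions for this example.
RULES = [
    ("self-replication", 40, copies_self),
    ("overwrites executables", 35, overwrites_executables),
    ("hides own file", 25, hides_itself),
]

def score(trace, image):
    """Return (summed weight, names of the rules that fired)."""
    fired = [(name, weight) for name, weight, rule in RULES if rule(trace, image)]
    return sum(weight for _, weight in fired), [name for name, _ in fired]

def write(path, src=None, existed=False):
    return {"op": "write", "path": path, "src": src, "existed": existed}

def hide(path):
    return {"op": "set_attr", "path": path, "attrs": ("hidden",)}

# Constructed traces: name -> (image path, labelled malicious?, events).
A, B, C, D = r"C:\sbx\a.exe", r"C:\sbx\b.exe", r"C:\sbx\setup.exe", r"C:\sbx\edit.exe"
SAMPLES = {
    "infector": (A, True, [write(r"C:\Users\u\copy.exe", src=A),
                           write(r"C:\Apps\one.exe", existed=True),
                           write(r"C:\Apps\two.exe", existed=True), hide(A)]),
    "quiet_worm": (B, True, [write(r"D:\share\b.exe", src=B), hide(B)]),
    # A legitimate updater copies itself to a temp folder and replaces binaries.
    "installer": (C, False, [write(r"C:\Temp\setup.exe", src=C),
                             write(r"C:\Apps\one.exe", existed=True),
                             write(r"C:\Apps\one.dll", existed=True)]),
    "editor": (D, False, [write(r"C:\Users\u\notes.txt", existed=True)]),
}

def evaluate(threshold):
    """Return (malicious samples flagged, benign samples flagged) at a threshold."""
    detected = false_pos = 0
    for image, malicious, trace in SAMPLES.values():
        flagged = score(trace, image)[0] >= threshold
        detected += flagged and malicious
        false_pos += flagged and not malicious
    return detected, false_pos

if __name__ == "__main__":
    for name, (image, _, trace) in SAMPLES.items():
        print(name, score(trace, image))
    for threshold in (25, 70, 80):
        print("threshold", threshold, "->", evaluate(threshold))
```

On this constructed set the installer scores higher than the quieter malicious sample, so no single threshold catches both malicious traces without also flagging it.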

Changes in the conditions and tasks of the development of business entities, determined by modern economic situations and the challenges of the time, have a fundamental impact on the methods of substantiating management decisions, organizing management processes and methods for assessing the effectiveness of decisions.

Considering that "the method of economic analysis is understood as a dialectical way of approaching the study of economic processes in their formation and development," changes in product life cycles, technological structures, types of business and the depth of ongoing transformations require a significant reform of economic analysis methods.

Considering the need to clearly define their competitive advantage and their consolidation for a long period, organizations pay special attention to development strategies, putting forward strategic guidelines (for example: mastering leadership positions in the market, ensuring customer loyalty, increasing the social significance of the organization), which have clear qualitative characteristics. Their quantitative parameters are often very conditional and cannot be directly assessed.

Analysis and justification of trends in these groups of indicators require a significant change even in such traditional methods of analysis as comparison, detailing, grouping, etc., but more often involve the use of other methods of analysis, often purely logical.

The development of methods of economic analysis was particularly influenced by the possibility of multiple solutions, each of which is irrational, and sometimes impossible to calculate in detail. This determined the accelerated use of new accounting methods. So, for example, for a long-term, strategic analysis, it is much more efficient to use the marginal method of calculating costs, which, for all its conventionality, allows you to form an optimal range of products. Accounting and analysis of the full cost of certain types of products are carried out only for the assortment items included in the production plan.

Since in the conditions of innovative development all stages of the reproduction cycle are significantly intensified, it often becomes necessary to ensure the parallel implementation of its individual stages. Many authors focus on assessing the behavior of individual indicators at different stages of the reproduction cycle, highlighting leading indicators. This is typical, first of all, for the work of a managerial orientation in the formation of panels of development indicators. However, this approach to the classification of indicators is becoming more common.

To objectify the assessment of the organization's development opportunities and determine its production, economic and financial potential, it is important that the changes in indicators correspond to the stages of the reproduction cycle: growth - during the period of recovery; decrease or increase - during the recession; stability - during the period of stagnation, etc. In this regard, procyclical, countercyclical and acyclic indicators are distinguished, the dynamics of which is practically not related to the reproductive cycle.

The complication of classifications of the system of indicators involves the logical development and refinement of traditional methods of analysis.

Thus, when using the comparison method, the comparison of the main financial and economic characteristics over a long period becomes increasingly important, as this allows you to identify cyclic fluctuations characteristic of different types of business processes. Horizontal analysis uses a qualitative comparison of the sources of funds raised and changes in individual groups of the organization's assets, i.e. a combination of horizontal and vertical analysis.

With the further development of economic analysis, it is important to classify indicators according to their role in making and justifying decisions of different classes and levels. In this regard, for each decision, a target indicator is allocated, the factors that determine its level, and, which is especially important for the objectivity of the decisions made, the restrictions in which decisions are made.

Deterministic methods of analysis, including factor analysis, still prevail, but at the same time they are actively supplemented by methods of lengthening and expanding characteristics, which is associated with the specification of indicators-factors, taking into account their significance.

In factor analysis, it is necessary to identify links between changes in factor indicators and the need to best use available resources or the introduction of new resources, and this requires additional funding. For this purpose, this group of indicators is divided into factors of extensive and intensive growth, which is especially important for assessing the financial strength of an organization and assessing its economic potential.

Thus, in modern conditions, the professional judgment of an analyst is becoming increasingly important when setting goals and choosing methods of economic analysis.

Gradually, more and more methods of logical heuristic analysis are being used, based on the professional judgment, experience and intuition of specialists, and on their individual or collective conclusions. Among them, we can distinguish evaluation and evaluation-search methods of analysis (Fig. 2.2).

Fig. 2.2.

Heuristic methods are widely used in personnel management, management organization and the choice of organizational behavior.

Conditions that predetermine the need to use heuristic methods:

  • the qualitative nature of the background information, described using economic and social parameters, and the lack of sufficiently representative and reliable information on the characteristics of the object of study;
  • large uncertainty in the initial data for analysis;
  • lack of a clear subject description and mathematical formalization of the subject of assessment;
  • inexpediency of, and lack of time and funds for, research using formal models at the first stages of substantiating management decisions;
  • absence of technical means with appropriate characteristics for analytical modeling;
  • the extreme nature of the analyzed situation.

Heuristic methods of analysis are a special group of methods for collecting and processing information, based on the professional judgment of a group of specialists. They are often called creative.

The basis for the application of heuristic methods are expert assessments of the considered processes, operations, results.

Expert methods of analysis are methods of organizing work with experts and processing their opinions. To solve many analytical problems, it is necessary to have an independent opinion (or opinions), i.e. to bring in experts. Information received from experts cannot be considered ready for use; it must be processed and only then used to make managerial decisions.

When organizing the work of experts, it is necessary:

  • to select qualified experts;
  • to survey the experts and obtain the information of interest to the analyst;
  • to determine the methods of processing and interpreting the information received from the experts.

When selecting experts, one should take into account their competence and professional skills in the field of activity that is to be studied, the ability to think creatively, and the ability to work in a group (if several experts are involved).

When recruiting experts, it is advisable to be guided by such requirements as:

  • high level of general erudition;
  • possession of special knowledge in the analyzed area;
  • the presence of a certain practical and (or) research experience on the problem under consideration;
  • the ability to adequately assess the development trends of the object under study;
  • lack of bias, interest in a specific result of the assessment.

Members of the group in this case may be equal or have a different rank, which is taken into account when deriving the results of the examination.

The method of the expert commission is based on the development by specially selected experts of a single collective opinion when discussing the problem posed and alternatives for solving it as a result of certain compromises.

When using the method of the expert commission, not only the statistical processing of the results of the individual scoring of all experts is carried out, but also the exchange of views on the results of the examination, the refinement of the estimates. The disadvantage is the strong influence of authorities on the opinion of the majority of participants in the examination.

The conclusions obtained from the analysis based on heuristic methods have a rationale and can take the form of: direct assessment (beneficial, harmful, acceptable, unacceptable); definitions of assumptions, i.e. selection of priority or most successful solutions (this can be revealed through the ranking of assumptions, their scoring, etc.); selection of specific activities for competitive development. Quite often, the expert group includes professional consultants - professionals in the analyzed area.

Depending on the goals and focus, the expert group may be homogeneous or include representatives of different groups of specialists, and sometimes just interested persons. For example, when developing a technical solution at the first stage, only specialists of the relevant profile are included in the group of experts. When forming a group of experts to analyze technological developments, it includes: technologists who can professionally evaluate the technical novelty of the solution; economists evaluating the effectiveness of the solution; mechanics that can evaluate the feasibility of implementation new technology on the existing production base; workers - executors of new technology.

When assessing the quality of products and the demand for them, the expert group includes not only commodity experts, but also manufacturers and consumers of products.

In practice, there are fairly complex ways of forming a group of experts:

  • according to formal criteria - the specialty, length of service and length of stay in one team are taken into account, as well as psychological assessments of the individual from the sociological service of the organization (if any), for example, the ability to think creatively, constructive thinking, etc.;
  • based on the self-assessment of the person obtained through a questionnaire - the future expert evaluates his own capabilities, including qualifications, analytical and constructive thinking, the ability to adapt to certain situations, etc. This is complemented by a special psychological selection of experts to determine the level of their self-esteem - low, high or adequate;
  • based on the assessment of persons associated with the applicant - the professional and personal qualities of a specialist are evaluated by specialists of a similar profile, consumers of services, and employees implementing the expert's decisions;
  • random selection (sampling), if many people can act as experts (for example, consumers of products and services).

Quite often, when analyzing the activities of an economic entity, the group of experts includes managers of different levels and workers. For example, this is how a group of experts is formed when choosing a strategy for the development of production, changing the incentive system, reforming accounting and reporting, and restructuring organizational structures.

Thus, both formal and psychological methods are widely used in the selection of experts, and heuristic methods are often called psychological.

When interviewing experts, individualized and group methods can be used. With an individual survey, work with each expert is carried out separately, which allows the expert to express his opinion independently of the others. In a group survey, experts work in groups, agree on their opinions and develop a common expert conclusion based on a single position. Group methods are preferable from the point of view of increasing the reliability of the examination, but are more complex.

The information obtained in the course of an expert survey must be processed by special or traditional methods of analysis, after which it can be used to make managerial decisions.

There are many ways to obtain expert assessments: Delphi methods, control questions, risk assessment, scenarios, business games, SWOT analysis, functional cost analysis (FSA), etc.

The Delphi method is a remote and anonymous survey of an expert group (5-10 people) in several rounds with the agreement of experts' opinions. Each expert is assigned a specific task, for example, to determine the direction of development of the enterprise. Experts fill out questionnaires on the problem under study. The results of each intermediate round of the survey are presented to the participants of the examination in the form of averaged statistical values. When receiving answers from experts, different situations may arise:

  • a) all experts came to the same opinion;
  • b) the opinion of experts is divided.

In the first case, the opinion of experts is accepted as the result of solving the problem, in the second case, the examination process will be continued.

The method of control questions is the search for an analytical solution using a specially prepared list of leading questions. The advantage of this method lies in its simplicity and versatility. Control questions are compiled on the basis of the experience of already solved problems, which ensures the effectiveness of the method.

The use of the method of control questions is implemented in several stages:

  • 1) a task is formulated, in the solution of which control questions will be used;
  • 2) a list of control questions is compiled that is most appropriate for the nature of the problem being solved, and each of them is considered in order to use the information contained in it to solve the problem;
  • 3) all ideas that can be used in solving the problem are considered;
  • 4) ideas are selected with the help of which it is possible to solve the task, and a program of activities is developed.

Typically, analysts use a table containing in each row a question (parameter) and answer options (parameter values) for a particular aspect of the analysis. Answering the questions posed, the analyst makes a mark in the column corresponding to his conclusion. The table, as a rule, is constructed in such a way that the marks in the columns on the left demonstrate the weaknesses of the object of study, and those on the right its strengths or special abilities. Regular use of such tables allows you to determine the trends in the change of the subject of analysis over time and compare its position in relation to other objects of analysis.

Questionnaires significantly reduce the time required for analysis, reduce the dependence of its results on the analyst's skill level. When using this method, more correct results are obtained than with a scoring, which is explained by the following circumstances. Instead of assigning points, the expert chooses the statement that most clearly characterizes the object of assessment. Answers can be presented with quantitative data, for example, reflecting the age of an employee, or characterize the trend in any parameter (growth, fall), give an assessment ("excellent", "satisfactory", etc.).

Choice by comparison, as a rule, is more accurate than direct measurement, when in a particular situation each expert has his own concept of the optimal state of the estimated parameters.

Experience shows that it is not possible to create effective questionnaires at the first attempt. Analysts need to be prepared for the fact that only after repeated surveys and a thorough analysis of the assessment results and analytical documents is it possible to create methods that contain not only universal initial lists of dictionaries, but also highly specialized questionnaires for certain categories of employees with similar tasks that reflect the essence of the relationships and activities of people.

The scenario method is a set of techniques and procedures for the preparation and implementation of any economic decisions. The method is used primarily for expert forecasting. It is useful in selecting the goals of the organization and forecasting when the organization is not satisfied with the current situation and there is a need to expand the business.

The scenario is developed by a group of specialists of the organization and contains a description of the sequence of steps leading to the predicted state of the organization, as well as the factors and events that have a decisive influence on this process. The starting point for scenario development is an accurate assessment of the current situation of the organization, based on a retrospective analysis of activities. Such an assessment leads to an understanding of the dynamics of the influence of factors on production processes and what factors provide an increase in activity, and which ones - its decline. For unmanaged developmental factors, special assessments should be made.

Stages of scenario development:

  • 1) determination of the system of indicators, on the basis of which the scenario of the development of the organization will be formed;
  • 2) highlighting the factors that determine the development of the organization;
  • 3) identification of development trends;
  • 4) development of alternative development scenarios and selection of the main development option.

Business games. The most common form of a business game is modeling the analyzed processes and the future development of the predicted phenomenon in different versions and reviewing the data obtained. Business games are used both in the educational process and in production. Games that are held in teams of organizations are called organizational and activity (organizational). In a certain way, they include the ideology of Delphi methods and scenarios.

All participants in the game are divided into groups, and each group is invited to write a scenario for the development of events in the organization. The group is led by an expert whose task is to ensure that the members of the group do not deviate from the established task. The next day, a conference is held, at which a representative of each group makes a presentation that reflects the group's vision of the development of events in the organization. Members of other groups actively participate in the discussion of the report and try to convince others that their perspective is more specific and convincing. At the end of the day, the head of the game and the experts sum up the results of the conference and draw the attention of the team to the lack of consensus on the issues discussed. The groups disperse and prepare a new scenario. The next day, a conference is again held, at which new reports are heard. Experts should lead the participants to ensure that they achieve their goals together. When this shows at the conferences, i.e. most of the reports express a unity of opinion, the participants in the game stop working in groups and develop a common scenario as a single team. As a result of the game, team building takes place, which can serve as the basis for successful activity.

To ensure the accuracy of risk assessment, the maximum spread of their assessment is allowed, i.e. provides a more stringent approach to the consistency of expert opinion.

One of the most common heuristic methods is the analogy method, when a group of experts considers a possible method for resolving a problem or looking for the cause of the current situation, based on the past experience of their own or similar business entities. In this case, the experts think over their experience and the situations they had to face, and, based on it, suggest ways to solve the problem, finding out the causes of the current situation and ways to eliminate them.

Naturally, in this case, the use of materials describing similar situations in different periods and at different sites is of great help. They can be obtained from periodicals, scientific literature, as well as from the minutes of meetings of the founders, the board of directors, meetings of departments and specialized groups working in the organization. Of considerable interest from this point of view is the bank of situations analyzed and summarized by specialized consulting firms. Such data banks are created in many consulting firms of the world. It should be noted that the first steps in the creation of similar materials were made in the 1980s. at consulting firms of the USSR. Currently, this work is ongoing in the Association of Scientific Consultants of Russia and consulting firms.

In the event that experts receive materials from situations that develop in other objects, their task is to select those that are similar in principle to the one being solved, i.e. the similarity of the object, situation, goals pursued by the analysis is evaluated. After such a selection, the possibility of using experience in resolving the problem and the readiness of the facility to implement specific measures are determined: the state of the production and technical base, qualifications of personnel, the availability of financial resources and the possibility of attracting them, the period for resolving the problem, etc.

The method of analogies only allows to determine the main directions of economic analysis and needs a deeper analysis using quantitative methods at the next stages. However, the preliminary use of such a method prevents an unreasonably detailed analysis in a direction that does not reveal the main causes of the current situation. The method of analogies is often called synectic.

The group of methods using evaluation criteria includes target evaluation, "web", typology and repertory grids.

Target assessment - assessment of objects of analysis according to certain criteria (components of the target system). When using it:

  • criteria (components of the target system) for evaluating alternatives are selected;
  • all decision options for each criterion are assigned a preference rank (ordinal number of acceptability);
  • for each alternative, the total rank is calculated for all criteria;
  • the options are ranked according to the total rank.

The method of multi-criteria comparison of alternatives is also a graphic quantitative-qualitative method "web". It can be used in all cases when it is advisable to evaluate the objects of analysis according to various quantitative and qualitative characteristics. The main advantage of the method is the visualization of the results of the analysis, which is especially valuable when presenting research materials not to narrow specialists, but to managers.

Heuristic methods of analysis, involving both the generation of options for analytical solutions and their evaluation, include: brainstorming, commissions and conferences, a bank of ideas, a collective notebook, active sociological tested analysis and control, functional cost analysis, business games, etc.

The method of brainstorming can give a great effect for the analysis of particularly complex situations. Brainstorming is the free generation of ideas from a group of interested experts. As a rule, effective brainstorming is quite short (no more than an hour). Not only highly qualified specialists can take part in it, but also young people who are able to make unexpected extraordinary proposals. However, for the results of a brainstorming session to be of real use, it is important that the decision-makers participate in it. In this case, having systematized the proposals of the participants, you can immediately discard some of them as ideal, and discuss the rest in more detail with specialists of the corresponding profile.

The selection of ideas is carried out gradually. At the first stage, none of them is discarded and, as a rule, no assessments are made at all. Then the ideas are evaluated by the level of sophistication, timing and cost of implementation, efficiency, etc. At the second stage of the analysis, one or more of the previously discussed methods for evaluating and choosing solutions can be used. Brainstorming can be an integral part of analytical work, especially in prospective analysis.

Brainstorming is a way to find new solutions to a problem situation. It is based on the separation in time of the process of searching for ideas and evaluating them. This is a relatively quick and economical way of analysis, designed to resolve the difficulties and contradictions that management personnel have encountered or are likely to encounter in the near future, as well as to eliminate bottlenecks that hinder the development of the management system. The method is effective in solving non-traditional strategic search problems. Brainstorming should be organized when the problem does not lend itself to a traditional solution. First of all, we are talking about structural policy and improving existing ways of working.

The method of commissions and conferences is the most common form of group work, during which ideas are freely put forward and criticized. It is based mainly on the habit acquired in the process of numerous meetings and discussions of critical evaluation of new and insufficiently substantiated ideas. The disadvantage of the method is that analysts in their judgments are initially focused on compromise, which increases the risk of obtaining distorted analysis results.

The collective notebook method ensures that independent ideas are put forward by team members, followed by evaluation of proposals. To this end, each member of the team receives a notebook in which the essence of the analyzed issue is outlined, the necessary auxiliary and reference materials are provided (for example, workflow diagrams, job descriptions etc.).

During a predetermined time, they write down the results of the analysis and proposals in their notebooks, and at the end they evaluate their ideas, highlighting the best ones. Notebooks are handed over to the coordinator to prepare a summary note. Evaluation of group analytical alternatives is carried out by any of the previously considered methods of evaluation.

The collective notebook method is convenient in cases where it is impossible to organize long-term joint work, to attract experienced consultants. To use the method, it is necessary to have creatively thinking, experienced specialists in the organization's team.

Such a method of work as a bank of ideas involves accessing a file cabinet or an automated database created in the course of practical activities. These storages collect and systematize the most interesting examples of problem solving. This includes both original and typical variants with an assessment of their applicability. The method can be useful in solving search problems of current (more often) and strategic (less often) analysis.

The method of active sociological tested analysis and control (MASTAK) consists in the development and application of a manual containing specific recommendations for improving the activities of users of this material. The game team method for developing a manual involves several steps:

  1) the organizer announces a topic for developing recommendations based on the results of the analysis, for example: "Organizational structure of the enterprise";
  2) each member of the expert group, within a predetermined time, formulates recommendations on the specified topic, trying to word them accurately and clearly;
  3) each expert in turn calls out the number of his recommendation (first, second, etc.) and reads it out loud. The remaining members of the team write down a score for this recommendation. The system of points can be arbitrary - from 7 to 10, but pre-established by the organizer. If the evaluating members of the group consider the recommendation to be extremely useful, they give it one of the highest scores; if it is absurd, they give it zero points. The next developer then reads their recommendation. This continues until all the differing recommendations have been announced and evaluated. The organizer makes sure that everyone calls out the numbers and that the order is observed;
  4) the coordinator collects all the proposals of the group members, calculates the total score of each recommendation, and distributes the proposals by headings, placing them within each heading in descending order of the points received. Recommendations that receive an insignificant number of points compared to other proposals are excluded from consideration.

A special place among heuristic methods is occupied by SWOT analysis. The name of the analysis is made up of the first letters of the words strength, weakness, opportunity, and threats (risks and restrictions).

This method, which is a special kind of expert methods, has shown high efficiency in developing solutions in systems that are characterized by dynamism, controllability, dependence on internal and external factors, cyclicity, etc.

SWOT analysis consists in identifying the strengths and weaknesses of the organization, as well as the opportunities and threats emanating from its market environment (external factors). These components mean:

  • strengths - the advantages of the organization;
  • weaknesses - shortcomings of the organization;
  • opportunities - factors of the external environment, the use of which will create advantages for the organization in the market;
  • threats - factors that can potentially worsen the position of the organization in the market.

Conducting a SWOT analysis comes down to filling out a matrix, in the corresponding cells of which the strengths and weaknesses of the organization are reflected, as well as market opportunities and threats (Fig. 2.3).

Stages of conducting a SWOT analysis:

  1) a group of enterprise specialists is selected who will act as experts during the SWOT analysis, and a team leader is appointed;
  2) at the meeting of the group, a system of indicators is determined by which each component of the analysis will be evaluated;
  3) questionnaires are prepared to evaluate the selected indicators for each component of the analysis;
  4) a survey of experts is conducted and an assessment of each indicator is derived;
  5) ratings are ranked for each component of the analysis;
  6) based on the ranking, an organization development strategy is developed.

Fig. 2.3.

Filling in the matrix is a complex process that requires highly qualified experts. This is because the same indicator of the organization's performance can be both a threat and an opportunity. But once the matrix is completed and the consensus of experts is expressed, the organization has sufficiently complete information about the situation it is in to determine its prospects.

To make the matrix more objective, when filling it out, it is necessary to characterize all aspects of the organization's activities, including production, financial, marketing, organizational, and investment. With this approach, SWOT analysis will allow you to choose the best path for the development of the organization, avoid dangers and make the most efficient use of available resources.

As noted, in recent years considerable attention has been paid to the use of functional cost analysis (FCA, also abbreviated FSA) as a method of systematic study of the functions of an object (product, process, structure), aimed at minimizing costs at all stages of the life cycle while maintaining (improving) the quality and usefulness of the object for consumers.

FSA gives the greatest results at the stage of product development. But this type of analysis can also be applied when the product is already on the market. This is due to the need to support the competitiveness of products, and at this stage the use of FSA helps to improve their cost characteristics.

FSA aims to detect, prevent, reduce or eliminate unnecessary costs. This is achieved through a comprehensive study of the functions performed by the object, and the costs required for their implementation. In this case, it is customary to distinguish:

  • main functions - ensure the operability of the object;
  • auxiliary functions - contribute to the implementation of the main functions or supplement them;
  • unnecessary functions - do not contribute to the performance of the main functions but, on the contrary, worsen the technical specifications or economic indicators of the object.

Identifying the functions requires highly trained experts with knowledge of the essence of the object under study and of the methods of analysis.

The work of experts is built, as a rule, on the basis of a list of control questions.

When conducting the FSA, it is customary to distinguish several stages: preparatory, informational, analytical, creative, research, advisory and implementation.

At the first two stages, general preparation for the FSA is carried out: the object of analysis is specified; a group of competent specialists is selected to solve the task; data on the object under study are collected and summarized.

At the next three stages, the object under study is broken down into functions, which are classified, and the cost of each of them is determined; tasks are solved to combine functions, eliminate unnecessary functions, reduce the cost of the elements of the object and select the options that are most realistic to implement.

At the final two stages, all the necessary documentation for the selected version of the improved object is prepared, its economic effect is determined, and a report on the results of the FSA is issued.

The main thing in conducting the FSA is the analytical stage, at which the functions of the object (product) are studied in detail and the possibilities of reducing the costs of their implementation by eliminating or regrouping (if possible) secondary and unnecessary functions are analyzed.

Reducing costs as a result of the FSA can have a significant impact on profits at all stages of the development of the organization. If we assume that as a result of the FSA, the costs of the product at the stage of its development were reduced, then it will enter the market with a lower cost.

Thus, the use of heuristic methods of analysis makes it possible to conduct both current and strategic analysis effectively in conditions of an unstable operating environment and highly innovative development of organizations, to give a balanced assessment of the property and financial condition of the organization, and to justify the prospects for its development.