Which detects malware behavior through pattern recognition?

Prepare for the WatchGuard Endpoint Security Essentials Test. Study with multiple choice questions, hints, and explanations.

Multiple Choice

Which detects malware behavior through pattern recognition?

Explanation:
Pattern-based detection of malware is what heuristic scanning does. It analyzes files, processes, and code for suspicious characteristics and behavior—things that look like malware even if the exact sample isn’t in a known signature database. This allows catching new or modified threats, including variants that haven’t been seen before, by recognizing motifs and behavior that are typical of malicious software. Of course, this approach can sometimes flag legitimate software if it resembles a suspicious pattern, but it excels at identifying unknown malware instead of waiting for a signature to exist.

The other options don’t describe this approach. Zero-day attacks refer to exploits against unpatched vulnerabilities, not a detection method. Contextual detections rely on surrounding context (such as user, device, or location) to assess risk, rather than identifying malware by pattern recognition. The WatchGuard Advanced Reporting Tool is a reporting/visibility feature, not a malware behavior detector.
