Which term is described as observing for malware patterns using heuristics?

Prepare for the WatchGuard Endpoint Security Essentials Test. Study with multiple choice questions, hints, and explanations. Boost your exam readiness now!

Multiple Choice

Which term is described as observing for malware patterns using heuristics?

Explanation:
Observing for malware patterns using heuristics is about detecting suspicious on‑device behavior rather than relying on known file signatures. This approach watches how programs act and flags actions that look malicious, even if the specific malware sample hasn’t been seen before. That firsthand behavior monitoring is what Malware Behavior Detection does: it analyzes endpoint activity for patterns such as unusual file changes, unexpected process creation, attempts to modify security settings, or odd network calls, and raises alerts based on those heuristic patterns.

Threat Hunting Service is a proactive investigation across environments to uncover threats, not the on-device heuristic monitoring itself. Decoy Files are bait placed to trap attackers, not a detection method. Indicators of Attack are signals or artifacts used to identify an attack after it happens, rather than the method of observing and flagging suspicious behavior with heuristics.
