I am now studying the technical docs related to the FortiEDR solution. The documentation specifically points out that its antimalware engine is SIGNATURELESS, which is pretty different from conventional AV. Anyway, there must be some sort of heuristics (Indicators of Compromise, Indicators of Attack, ...) built into the product. Obviously, these heuristics should be regularly updated.
What confuses me a bit is that the docs explain in much detail how to update the software itself (from one version to another) but they say nothing as to how to update the heuristics only (while leaving the program modules intact). Is there any mechanism for updating solely the antimalware interception logic?
Any extra info on this would be very helpful.