Triage uses a score from 1 to 10 to reflect whether something is malicious. The following explains what each score means and what can cause it.
Note: it is important to look at the actual signatures that were triggered, because these determine the score.
- A malware family was detected.
One or more known damaging malware attack patterns were detected.
- Deletion of shadow copies on Windows.
Shows suspicious behavior
One or more suspicious actions were detected. The detected actions can be malicious, but they also have (common) benign uses.
- Changing file permissions.
- Anti-VM behavior/trying to detect a VM.
One or more interesting behaviors were detected. The detected actions are interesting enough to be notified about, but are not directly malicious.
No (potentially) malicious behavior was detected.
The report is incomplete or something went wrong. This can also occur in static reports.