Verdicts

WildFire delivers verdicts to identify samples it analyzes as safe, malicious, or unwanted (grayware is considered obtrusive but not malicious):
  • Unknown—Initial verdict for a sample that WildFire has received but has not yet analyzed.
  • Benign—The sample is safe and does not exhibit malicious behavior.
  • Malware—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros. For files identified as malware, WildFire generates and distributes a signature to protect against future exposure to the threat.
  • Grayware—The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs).
  • No Connection—Verdict assigned to a sample when WildFire cannot be reached.
When WildFire is not available or integration is disabled, Traps can also assign a local verdict for the sample using additional methods of evaluation. When Traps performs local analysis on a file, it uses machine learning to determine the verdict. Traps can also compare the signer of a file with a local list of trusted signers to determine whether a file is malicious:
  • Local analysis verdicts:
    • Benign—Local analysis determined the sample is safe and does not exhibit malicious behavior.
    • Malware—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros.
  • Trusted signer verdicts:
    • Trusted—The sample is signed by a trusted signer.
    • Not Trusted—The sample is not signed by a trusted signer.
