Verdicts

WildFire delivers verdicts to identify samples it analyzes as safe, malicious, or unwanted (grayware is considered obtrusive but not malicious):
  • Unknown
    —Initial verdict for a sample that WildFire has received but has not analyzed.
  • Benign
    —The sample is safe and does not exhibit malicious behavior.
  • Malware
    —The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros. For files identified as malware, WildFire generates and distributes a signature to protect against future exposure to the threat.
  • Grayware
    —The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs).
  • No Connection
    —Verdict assigned to a sample when WildFire cannot be reached.
When WildFire is not available or integration is disabled, Traps can also assign a local verdict for the sample using additional methods of evaluation. When Traps performs local analysis on a file, it uses machine learning to determine the verdict. Traps can also compare the signer of a file with a local list of trusted signers to determine whether a file is malicious:
  • Local analysis verdicts:
    • Benign
      —Local analysis determined the sample is safe and does not exhibit malicious behavior.
    • Malware
      —The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros.
  • Trusted signer verdicts:
    • Trusted
      —The sample is signed by a trusted signer.
    • Not Trusted
      —The sample is not signed by a trusted signer.
