Auto Run

False

The threat is not set to automatically run when the system starts.

True

The threat is set to automatically run when the system starts.

Unknown

It cannot be determined if the threat is set to auto run or not.

Cylance Score

Ranges from 1 to 100

A file with a score ranging from 1 to 59 is considered Abnormal.

A file with a score ranging from 60 to 100 is considered Unsafe.

Detected By

ExecutionControl

The threat is detected by execution control.

BackgroundThreatDetection

The threat is detected by background threat detection.

FileWatcher

The threat is detected when scanning new or modified executable files.

NotAvailable

The threat detection information is not available.

RunningModuleScan

The threat is detected by running a module scan.

Device Name

[varies]

This is the name of the device that the threat was found on.

Drive Type

[varies]

This is the type of drive or storage device the threat originated from, if known. The drive type includes: CDROM, Fixed, Network, None, No Root Directory, RAM, and Removable.

Event Name

threat_found

A new threat has been found in an unsafe state.

threat_cleared

An existing threat has been cleared (removed). This occurs when a threat_removed event is generated.

threat_quarantined

A new threat has been found in the quarantined status.

threat_waived

A new threat has been found in the waived status.

threat_changed

The behavior of an existing threat has changed (examples: score, quarantine status, running status).

corrupt_found

A file is classified as corrupt because the file appears to be malformed and cannot run, or the file may contain a malformed file structure.

Event Type

Threat

This is a threat event.

File Name

[varies]

This is the name of the threat (file).

File Owner

[varies]

This is the owner of the threat (file).

File Type

Archive

The file is an archive file.

Executable

The file is a Windows executable.

Linuxexe

The file is a Linux executable.

MacOSExe

The file is a macOS executable.

Ole

The file is a Microsoft Office file.

Pdf

The file is a PDF.

Unknown

The file type could not be determined.

Found Date

[varies]

This is the date and time that the threat was found on the device.

IP Address

[varies]

This is the IP address or IP addresses for the device.

Is Malware

False

The threat is not classified as malware (Threat Classification).

True

The threat is classified as malware (Threat Classification).

Is Running

False

The threat is not running.

True

The threat is currently running.

Is Unique To

False

The threat is not uniquely identifiable by Aurora Protect Desktop.

True

The threat is uniquely identifiable by Aurora Protect Desktop.

MD5

[varies]

This is the MD5 hash for the file.

Path

[varies]

This is the path to the file.

Policy Name

[varies]

This is the name of the devicy policy.

SHA256

[varies]

This is the SHA256 hash for the file.

Status

Abnormal

The threat is considered abnormal.

Corrupt

The file is corrupt or otherwise invalid.

File Removed (delete)

The file was removed from the console.

Quarantined

The file has been quarantined because an administrator added it to the global quarantine list or quarantined it on a specific device.

Unsafe

The threat is considered unsafe.

Waived

The administrator waived the file, allowing it to run on a specific device.

Threat Classification

[Threat class] - [Threat subclass] - [Threat family name]

The threat classification indicates the threat class, threat subclass, and threat family name. The possible class and subclass values are detailed below. The value of family name varies depending on the nature of the threat.

[Threat class] values

Dual Use

The file can be used for malicious and non-malicious purposes.

File Unavailable

The file is unavailable for analysis. For example, the file is too large to upload.

Malware

The file has been identified as malicious.

Possible PUP

The file might be a potentially unwanted program (PUP).

PUP

The file has been identified as a possible potentially unwanted program (PUP).

Trusted

The file has been identified as safe.

[Threat subclass] values

Adware

The file has advertisements or unwanted bundled add-ons.

Backdoor

The file provides unauthorized access.

Bot

The file contains malware that connects to a botnet server.

Corrupt

The file is malformed or unable to run.

Crack

The file is altered to bypass licensing.

Downloader

The file contains malware that downloads data.

Dropper

The file contains malware that installs other malware.

Exploit

The file attacks a specific vulnerability.

Fake Alert

The file contains malware that appears to be legitimate security software.

Fake AV

The file contains malware that appears to be legitimate security software.

Game

This is a game file.

Generic

This file does not fit into any existing category.

Hacking Tool

This file is a hacking tool.

Infostealer

This file records login credentials and other sensitive information.

Keygen

This file generates product keys.

Monitoring Tool

This file tracks a user’s activities.

Other

This is a category used for PUPs that don’t fit anything else.

Parasitic

This threat is spread by attacking other programs.

Pass Crack

This file is used to reveal passwords.

Portable Application

This file is designed to run without needing installation.

Ransom

This file restricts access.

Remnant

These are remnants post removal.

Remote Access

This file can access another system remotely.

Rootkit

This file avoids detection.

Scripting Tool

This is any script that can run as if it were an executable.

Tool

These are administrative features used to attack or intrude.

Toolbar

This is any technology that places additional buttons or input boxes on-screen.

Trojan

This file disguises itself as legitimate software.

Virus

This file inserts or appends itself to other files.

Worm

This file propagates by copying itself to another device.