Detection Risk Levels

The following table explains the detected risk levels after investigation. View the table to understand why detected objects are classified as high, medium, low, or user-defined risk.

Risk Definitions

Risk Level
Description
High
High-risk detections have malicious characteristics. A high-risk object contains:
  • Files with unknown threats detected as high risk by Virtual Analyzer Filter
  • Objects detected as high risk based on analysis by Trend Micro multi-layered threat detection
Medium
Medium-risk detections have characteristics that are most likely malicious. A medium-risk object contains:
  • Known malware
  • Known dangerous links
  • Objects detected as medium risk by Virtual Analyzer Filter
Low
Low-risk detections have suspicious characteristics. A low-risk object contains:
  • Known highly suspicious or suspicious links
  • Links detected as low risk by Virtual Analyzer
  • Files detected as low risk by Virtual Analyzer
  • URLs detected as low risk based on suspicious URL matching
Potential Threat
Potential Threat risk detections are recorded for samples submitted to the Virtual Analyzer sandbox. A Potential Threat risk object contains:
  • Suspicious detection results by Advanced Threat Scan Engine
  • Suspicious detection results by Script Analyzer Engine
  • Predictive Machine Learning Engine supported files and Community File Reputation query results that match the threshold
  • File types that must be submitted to the Virtual Analyzer sandbox
User Defined
An object that is blocked or receives a warning under the following scenarios:
  • Untrusted server certificate
  • User-defined policy