Views:
The following table explains the detected risk levels after investigation. View the table to understand why detected objects are classified as high, medium, low, or user-defined risk.

Risk Definitions

Risk Level
Description
High
High-risk detections have with malicious characteristics. A high-risk object contains:
  • Files with unknown threats detected as high risk by Virtual Analyzer Filter
  • Objects detected as high risk based on analysis by Trend Micro multi-layered threat detection
Medium
Medium-risk detections have characteristics that are most likely malicious. A medium-risk object contains:
  • Known malware
  • Known dangerous links
  • Objects detected as medium risk by Virtual Analyzer Filter
Low
Low-risk detections have suspicious characteristics. A low-risk object contains:
  • Known highly suspicious or suspicious links
  • Links detected as low risk by Virtual Analyzer
  • Files detected as low risk by Virtual Analyzer
  • URLs detected as low risk based on suspicious URL matching
Potential Threat
Potential Threat risk detections are recorded for samples submitted to the Virtual Analyzer sandbox. A Potential Threat risk object contains:
  • Suspicious detection results by Advanced Threat Scan Engine
  • Suspicious detection results by Script Analyzer Engine
  • Predictive Machine Learning Engine supported files and Community File Reputation query results that match the threshold
  • File types that must be submitted to the Virtual Analyzer sandbox
User Defined
An object that is blocked/receives warning under the following scenarios:
  • Untrusted server certificate
  • User-defined policy
Keywords: detection,risk levels