Advanced Threat Assessment Service 1.6 > Summary > About Risk Levels and Endpoint Statuses

About Risk Levels and Endpoint Statuses

The assessment tool scans system files, memory, and processes on endpoints to detect security threats. During a scan, the assessment tool rates each detected file or process and assigns a risk level to endpoints based on the aggregated ratings.

Examples:

Malware signatures
Known exploit code
Unsigned executable files
Memory residency
Connection to unknown network destinations; opening of ports

Table 1. Security Risk Levels
Risk Level	Description
High	A file or process that exhibits highly suspicious characteristics commonly associated with malware. An endpoint that contains one or more high-risk files or processes.
Medium	A file or process that exhibits moderately suspicious characteristics that are also associated with benign applications. An endpoint that contains one or more medium-risk files or processes.
Low	A file or process that exhibits mildly suspicious characteristics that are most likely benign. An endpoint that contains one or more low-risk files or processes.

Endpoints can have one of the following statuses.

Table 2. Endpoint Statuses
Status	Description
Normal	The assessment tool has completed a scan on an endpoint and the scan result was successfully sent to the Advanced Threat Assessment Service server.
Under Assessment	The assessment tool is performing a scan on an endpoint. The scanning process is performed in the background and does not affect user activity on an endpoint.
With Error	The server is unable to obtain the scan results from an endpoint due to an error. For example: An endpoint is shut down before a scan is complete. A scan is stopped before completion. The scan report is not sent to the server within the timeout period. The server is unable to communicate with an endpoint.