Root Cause Analysis Icons

The analysis chain shows object types using the following icons.

Icon

Name

Description

First observed object

Marks an object that most likely created the matched object

Matched criteria

Marks objects matching the investigation criteria

Normal object

Marks objects that have been verified to not pose a threat

These are usually common system files.

Unrated object

Marks objects that have not yet been rated

Suspicious object

Marks objects that exhibit behaviors that are similar to known threats

Malicious object

Marks objects that match a known threat

Boot

Objects that launch during system startup

Browser

Objects that are capable of displaying web pages, usually a web browser

Email

Objects identified as email messages

File

Objects identified as files on the disk

Network

Objects related to network connections or the Internet

Process

Objects that are processes running during the time of execution

Registry

Objects that are registry keys and values

Event

Indicates actions performed by the object

Association

Indicates relationships between two objects