Triage uses a score from 1 to 10 to reflect whether something is malicious or not. The following explains what each score means and what can cause it.
Note: it is important to look at the actual signatures that were triggered, because these determine the score.
- A malware family was detected.
One or more known damaging malware attack patterns were detected.
- Deleting shadow copies on Windows.
Shows suspicious behavior
One or more suspicious actions were detected. The detected actions can be malicious, but also have (common) benign uses.
- Changing file permissions.
- Anti-VM behavior/trying to detect a VM.
One or more interesting behaviors were detected. The detected actions are interesting enough to be notified about, but are not directly malicious.