The Scan results section can display the following results of alert scanning:
The names of the program modules or components that generated the alert.
One or multiple categories of the detected object. For example, the name of the virus can be shown: Virus.Win32.Chiton.i.
Versions of databases of Kaspersky Anti Targeted Attack Platform modules and components that generated the alert.
Results of alert scanning by program modules and components:
Anti-Malware Engine—Category of the detected object based on the anti-virus database. For example, the name of the virus can be shown: Virus.Win32.Chiton.i.
Sandbox—Results of a file behavior analysis performed by the Sandbox component.
You can view a detailed log of file behavior analysis in all operating systems by clicking the Download debug info link.
The file is downloaded as a ZIP archive encrypted with the password “infected”. The name of the scanned file inside the archive is replaced by the file's MD5 hash, and the file's extension is not shown inside the archive.
By default, the maximum hard drive space for storing file behavior scan logs is 300 GB in all operating systems. Upon reaching this limit, the program deletes the oldest file behavior scan logs and replaces them with new logs.
YARA—Category of the detected file in YARA rules (for example, the category name susp_fake_Microsoft_signer may be displayed).
Intrusion Detection System—Category of the detected object based on the Intrusion Detection System database. For example, the category Bot.AridViper.UDP.C&C might be displayed.
Targeted Attack Analyzer—Information about the results of file analysis using Targeted Attack Analyzer technology.
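Handling the downloaded Sandbox debug-info archive described above, as an added example (not Kaspersky's own code): it opens the ZIP with the documented password, checks that each entry name is an MD5 hex string matching the entry's content, and labels the content by magic bytes, since the extension is stripped. Assumptions: the archive uses classic ZipCrypto (the scheme Python's zipfile decrypts), and the helper build_sample_archive creates an unencrypted stand-in because the standard library cannot write encrypted ZIPs.

```python
"""Inspect a Sandbox debug-info archive from the Scan results section."""
import hashlib
import io
import re
import zipfile

ARCHIVE_PASSWORD = b"infected"          # password documented for the download
MD5_NAME = re.compile(r"^[0-9a-fA-F]{32}$")

# Magic-byte prefixes used only to label content (extensions are stripped in the archive).
MAGIC = {b"MZ": "pe", b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\x7fELF": "elf"}


def guess_type(data: bytes) -> str:
    for prefix, label in MAGIC.items():
        if data.startswith(prefix):
            return label
    return "unknown"


def inspect_debug_archive(archive: bytes) -> list:
    """One record per file entry: name, real MD5, naming checks, guessed type.
    Assumes ZipCrypto; an AES-encrypted archive would need a different tool."""
    records = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info, pwd=ARCHIVE_PASSWORD) as fh:  # pwd ignored on unencrypted entries
                data = fh.read()
            base = info.filename.rsplit("/", 1)[-1]
            digest = hashlib.md5(data).hexdigest()
            records.append({
                "name": info.filename,
                "md5": digest,
                "name_is_md5": bool(MD5_NAME.match(base)),
                "name_matches_content": base.lower() == digest,  # cross-check against the alert's hash
                "type": guess_type(data),
            })
    return records


def build_sample_archive() -> bytes:
    """Constructed, unencrypted stand-in for a downloaded archive (test input only)."""
    sample = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real binary"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(hashlib.md5(sample).hexdigest(), sample)          # correctly named entry
        zf.writestr("d41d8cd98f00b204e9800998ecf8427e", b"not empty")  # MD5 of "" -> mismatch
    return buf.getvalue()
```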
Name of the IOC file used to find the alert.
Clicking the IOC file name opens a window with information about the alert. The IOC section shows the XML code of the IOC file, with the criterion that triggered the alert highlighted in yellow.
Name of the IOA rule used to find the alert.
Clicking the link displays information about the IOA rule. If the IOA rule was provided by Kaspersky Lab experts, it contains information about the MITRE technique corresponding to the alert, as well as recommendations for reacting to the event.
The MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) knowledge base contains descriptions of attacker behavior derived from the analysis of real attacks. It is a structured list of known attacker techniques presented as a table.