The Scan results section can display the following results:
The names of the application modules or components that generated the alert.
One or more categories of the detected object. For example, the name of the virus can be shown: Virus.Win32.Chiton.i.
Versions of databases of Kaspersky Anti Targeted Attack Platform modules and components that generated the alert.
Results of alert scanning by application modules and components:
YARA is the result of streaming scans of files and objects received at the Central Node. The result includes the category of the detected file in YARA rules (for example, category name susp_fake_Microsoft_signer can be displayed).
You can download a detailed log of file behavior analysis in all operating systems by clicking Download debug info.
The file is downloaded as a ZIP archive encrypted with the password "infected". The name of the scanned file inside the archive is replaced by the file's MD5 hash. The file extension of the file inside the archive is not shown.
By default, the maximum hard drive space for storing file behavior scan logs is 300 GB in all operating systems. Upon reaching this limit, the application deletes the oldest file behavior scan logs and replaces them with new logs.
URL (URL Reputation) is the category of a malicious or phishing URL, or of a URL that has been previously used by attackers for targeted attacks on corporate IT infrastructures.
AM (Anti-Malware Engine)—Category of the detected object based on the anti-virus database. For example, the name of the virus can be shown: Virus.Win32.Chiton.i.
Click the link to display the category of the object in the Kaspersky Threats database.
Click Download to download the file to your computer's hard drive.
AA (Aggregated Alerts) means the alert was created as a result of processing aggregate and nested NDR events received by Kaspersky Anti Targeted Attack Platform from third-party systems using the NDR API methods. The events are registered using the EXT technology.
NDR: IDS (Intrusion Detection System) means the alert was created as a result of processing an NDR event resulting from a detection of anomalies in traffic that indicate an attack (for example, an NDR event for a detection of ARP spoofing indicators). Corresponds to the name of the network traffic event that caused the alert to be created.
CASB (Cloud Access Security Broker) means the alert was created as a result of detecting an employee's request to a cloud service for which monitoring is enabled.
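The "Download debug info" archive described above (password "infected", scanned file renamed to its MD5 hash, extension stripped) is best handled without ever writing the sample to disk. The following Python script is an added example, not Kaspersky's code: it opens the archive in memory, checks that each member's content really hashes to the name it was given, and recovers the file type from magic bytes because the extension is gone. The password constant, the signature table and the constructed sample archive are assumptions for illustration; the stdlib zipfile module only decrypts the legacy ZipCrypto scheme, so if a downloaded archive uses AES encryption it raises NotImplementedError and a tool such as 7-Zip is needed instead.

```python
"""Verify a downloaded "debug info" archive offline (added example, not Kaspersky code)."""
import hashlib
import io
import zipfile

ARCHIVE_PASSWORD = b"infected"  # password documented for the downloaded ZIP

# Minimal magic-byte table (assumption): the archive strips the original extension,
# so the member name tells you nothing about what the file is.
MAGIC_SIGNATURES = (
    (b"MZ", "PE executable (exe/dll/sys)"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP container (docx/xlsx/jar/apk or plain zip)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (doc/xls/msi)"),
    (b"\x7fELF", "ELF executable"),
    (b"#!", "script with shebang"),
)


def guess_type(data: bytes) -> str:
    """Return a coarse file type from leading magic bytes, or 'unknown'."""
    for magic, label in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return label
    return "unknown"


def verify_debug_archive(archive_bytes: bytes, password: bytes = ARCHIVE_PASSWORD) -> list:
    """Read every member in memory and check that its MD5 matches its name.

    Samples stay as bytes in this process; nothing is written to disk or executed.
    zipfile handles ZipCrypto only; an AES-encrypted member raises NotImplementedError.
    """
    results = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info, pwd=password) as member:  # pwd is ignored if not encrypted
                data = member.read()
            digest = hashlib.md5(data).hexdigest()
            name = info.filename.rsplit("/", 1)[-1]  # drop any folder prefix
            results.append({
                "name": name,
                "size": len(data),
                "md5": digest,
                "md5_matches_name": digest == name.lower(),
                "type": guess_type(data),
            })
    return results


def build_sample_archive() -> bytes:
    """Constructed, unencrypted stand-in for a downloaded archive.

    The stdlib cannot write ZipCrypto archives, so this one is unencrypted; the
    verification path is identical because zipfile ignores pwd for plain members.
    Members: a fake PE, a fake PDF, and one whose name does not match its content.
    """
    fake_pe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 100
    fake_pdf = b"%PDF-1.4\n%constructed sample\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(hashlib.md5(fake_pe).hexdigest(), fake_pe)
        zf.writestr(hashlib.md5(fake_pdf).hexdigest(), fake_pdf)
        zf.writestr("deadbeef" * 4, b"tampered bytes")  # name/content mismatch on purpose
    return buf.getvalue()


if __name__ == "__main__":
    for entry in verify_debug_archive(build_sample_archive()):
        status = "ok" if entry["md5_matches_name"] else "MISMATCH"
        print(f"{entry['name']}  {entry['size']:>6} B  {entry['type']:<45} md5 {status}")
```

A name/hash mismatch means the member is not the file the alert refers to (a renamed, truncated or substituted sample), so treat it as untrusted before feeding it to any other analysis tooling.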