Files that have been analyzed by Cylance will have a Classification (like Malware, Dual Use, or PUP - Potentially Unwanted Program). File classifications can be seen on the Threat Details page or the Device Details page (under Threat Activity).
Below is a list of possible classifications for each threat, along with a brief description.
UNKNOWN (Blank Entry)
The file has not been analyzed by the Cylance research team yet. Once the file is analyzed, the classification for the file will be updated.
Trusted - Local
The file has been analyzed by the Cylance research team and it is considered safe (not malicious). You can add a file classified as Trusted - Local to your Safe List (Settings > Global Lists). This will allow the file to run on any of your devices and will not generate any additional alerts.
PUP
A Potentially Unwanted Program (PUP) is a file that itself may not be malicious, but it can be used in a way that puts you at risk. If you trust the file, you can allow it to run or block it on a per device basis (Allow or Quarantine Threat). You can also add the file to the Safe List to allow it to run on any device you manage. PUPs are divided into subclasses to help you determine if the file should be allowed to run or blocked.
| Subclass | Description | Examples |
|---|---|---|
| Adware | Technologies that provide annoying advertisements (example: pop-ups) or provide bundled third-party add-ons when installing an application. This usually occurs without adequate notification to the user about the nature or presence of the add-on, control over installation, control over use, or the ability to fully uninstall the add-on. | Gator, Adware Info |
| Corrupt | Any executable file that is malformed and unable to run. | |
| Game | Technologies that create an interactive environment with which a player can play. | Steam Games, League of Legends |
| Generic | Any PUP that does not fit into an existing category. | |
| HackingTool | Technologies that are designed to assist hacking attempts. | Cobalt Strike, Metasploit |
| Portable Application | Program designed to run on a computer independently, without needing installation. | Turbo |
| Scripting Tool | Any script that is able to run as if it were an executable. | AutoIT, py2exe |
| Toolbar | Technologies that place additional buttons or input boxes on-screen within a UI. | Nasdaq Toolbar, Bring Me Sports |
| Other | A category for PUPs that do not fit any other subclass. There are many different PUPs, most of which aren't malicious, but several should still be brought to your attention, usually because the files have potentially negative uses or can negatively impact your systems. | |
Dual Use
A Dual Use file is one that can be used for both malicious and non-malicious purposes. Use caution if you allow this type of file to run on your devices. For example, PsExec.exe is an IT tool that can gain remote access to another computer to help troubleshoot issues, but it can also be used to execute malicious files on another system. If you find PsExec.exe on your devices, and you did not intentionally put it there, the file should be quarantined just like malware.
| Subclass | Description | Examples |
|---|---|---|
| Crack | Technologies that can alter (or crack) another application in order to bypass licensing limitations or Digital Rights Management protection (DRM). | |
| Generic | Any Dual Use tool that does not fit into an existing category. | |
| KeyGen | Technologies which can generate or recover/reveal product keys that can be used to bypass Digital Rights Management (DRM) or licensing protection of software and other digital media. | |
| | Technologies that track a user's online activities without awareness of the user by logging and possibly transmitting logs of one or more of the following: | Veriato 360, Refog Keylogger |
| | Technologies that can reveal a password or other sensitive user credentials either by cryptographically reversing passwords or by revealing stored passwords. | l0phtcrack, Cain & Abel |
| | Technologies that can access another system remotely and administer commands on the remote system, or monitor user activities without user notification or consent. | Putty, PsExec, TeamViewer |
| | Programs that offer administrative features but can be used to facilitate attacks or intrusions. | Nmap, Nessus, P0f |
Malware
The Cylance research team has definitively identified the file as malware. The file should be removed or quarantined as soon as possible. Malware is divided into subclasses (see below).
| Subclass | Description | Examples |
|---|---|---|
| Backdoor | Malware that provides unauthorized access to a system, bypassing security measures. | Back Orifice, Eleanor |
| Bot | Malware that connects to a central Command and Control (C&C) botnet server. | QBot, Koobface |
| Downloader | Malware that downloads data to the host system. | Staged-Downloader |
| Dropper | Malware that installs other malware on a system. | |
| Exploit | Malware that attacks a specific vulnerability on the system. | |
| FakeAlert | Malware that masquerades as legitimate security software to trick the user into fixing fake security problems at a price. | Fake AV White Paper |
| Generic | Any malware that does not fit into an existing category. | |
| InfoStealer | Malware that records login credentials and/or other sensitive information. | Snifula |
| Ransom | Malware that restricts access to system or files and demands payment for removal of restriction, thereby holding the system for ransom. | CryptoLocker, CryptoWall |
| Remnant | Any file that still has malware remnants after an attempt to remove the malware. | |
| Rootkit | Malware that enables access to a computer while shielding itself or other files to avoid detection and/or removal by administrators or security technologies. | TDL, Zero Access Rootkit |
| Trojan | Malware that disguises itself as a legitimate program or file. | Zeus |
| Virus | Malware that propagates by inserting or appending itself to other files. | Sality, Virut |
| Worm | Malware that propagates by copying itself to another device. | Code Red, Stuxnet |