Interpreting Scan Results: Detailed Signature Information

 

provides a large amount of information about every signature in order to allow administrators to make informed decisions about the risk of each signature.  To see the details of a signature, select the signature in the top window and view the results in the bottom window.

 

As illustrated in the following figure, the Signature Details pane provides an abundance of information about the selected signature.

 

 

 

Status

Indicates whether the spyware signature is detected (and currently exists on the machine) or has been remediated (removed).

 

Category

The category the spyware signature belongs to: Spyware, MalWare, AdWare, NonBizWare, or Protection.

 

Class

The particular class of spyware the signature belongs to: Keylogger, Emailer, Dialer, etc. See Spyware Classes for a detailed description of the different classes.

 

Risk Rating

There are four severity levels based on the perceived threat of the particular piece of spyware.

 

(Red) The danger associated with this piece of spyware is Critical in nature.

(Orange) This piece of spyware is Important to remove.

(Yellow) The related vulnerability is of Moderate severity.

(Gray) While it poses a security risk, the risk associated with this piece of spyware is deemed to be Low.

Criticality

Criticality is the user-supplied threat and severity level associated with a particular vulnerability. The threat posed by a particular signature may vary from organization to organization. Therefore, provides a mechanism to allow the administrator to assign a custom level of criticality for each signature. To assign a criticality, click Add and choose one of the options from the shortcut menu that appears. If you assign a custom criticality to a signature, the flag color changes and the 'Add' text changes to 'Change'.

 

(Red) Critical

(Orange) High

(Yellow) Medium

(Gray) Low

(White) Ignore

(Clear) Criticality not set

 

Impact Areas

Identifies the machine functions that are affected by the spyware signature. The list can contain one or more of the following:

  • Confidentiality

  • Integrity

  • Availability

  • Non-Business

  • Productivity

 

Mechanisms

Identifies the mechanism(s) used by the spyware signature to infect the machine.

 

Comments

Provides an area for you to make comments about the signature.  To add or edit a comment, click Add/Edit Comment.

 

 

Tabs

At the bottom of the Signature Details pane are three tabs.  The first tab -- Signature Info -- is described above.  The Detected tab lists the machines in the selected scan that contain the signature and that are vulnerable. The Remediated tab identifies the machines from which the signature has been removed.

 

Rootkits

If the selected signature contains a rootkit, an additional comment or warning will be displayed. For example:

 

 

Spyware signatures that contain rootkits are extremely dangerous and difficult to remove. See Manually Removing Spyware for more information.