Cylancescore represents the confidence level that the file poses a real danger to your environment. The higher the score, the greater the confidence level that the file can be used for malicious purposes. Based on the score, threats are considered either unsafe or abnormal.
Files that are identified as a potential threat will have their score displayed in red (unsafe or abnormal). Files that are identified as safe will have their score displayed in green. Under normal circumstances you will not see safe (green) files displayed in the console. Safe files that are shown in the console are typically displayed when the file has been added to your global quarantine list and quarantined on a device.
Files that would be considered unsafe/abnormal (red score) are treated as safe if you add the files to your global safe list and will not be displayed in the console.
Occasionally, a file may be classified as either unsafe or abnormal even if the score displayed doesn’t match the range for the score. This may be due to update findings or additional file analysis that may have been performed after the initial detection. For the most up-to-date threat analysis, enable auto upload in the policy.
Cylancescore is independent of threat classification. Most threat classifications are a manual process that is undertaken by a human threat researcher and assigned on a file-by-file basis. It is possible for a file to have a
Cylancescore but not have a classification until a later date.