Threats

Selecting this option will log any newly found threats, or changes observed for any existing threat, to the syslog server. Changes include a threat being removed, quarantined, waived, or executed.
| Field | Value | Description |
|---|---|---|
| Auto Run | False | The threat is not set to automatically run when the system starts. |
| | True | The threat is set to automatically run when the system starts. |
| | Unknown | It cannot be determined if the threat is set to Auto Run or not. |
| Cylance Score | Ranges from 1 to 100 | A file with a score ranging from 1 to 59 is considered Abnormal. A file with a score ranging from 60 to 100 is considered Unsafe. |
| Detected By | ExecutionControl | Execution Control |
| | BackgroundThreatDetection | Background Threat Detection |
| | FileWatcher | Watch for New Files |
| | NotAvailable | Not Available |
| | RunningModuleScan | Running Module Scan |
| Device Name | [varies] | This is the name of the device on which the threat was found. |
| Drive Type | [varies] | This is the type of drive or storage device the threat originated from, if known. The drive type includes: CDROM, Fixed, Network, None, No Root Directory, RAM, and Removable. |
| Event Name | threat_found | A new threat has been found in an Unsafe state. |
| | threat_cleared | An existing threat has been cleared (removed). This occurs when a threat_removed event is generated. |
| | threat_quarantined | A new threat has been found in the Quarantined status. |
| | threat_waived | A new threat has been found in the Waived status. |
| | threat_changed | The behavior of an existing threat has changed (examples: score, quarantine status, running status). |
| | corrupt_found | A file is classified as corrupt because the file appears to be malformed and cannot run, or the file may contain a malformed file structure. |
| Event Type | Threat | This is a Threat event. |
| File Name | [varies] | This is the name of the threat (file). |
| File Owner | [varies] | This is the owner of the threat (file). |
| File Type | Archive | The file is an archive file. |
| | Executable | The file is a Windows executable. |
| | Linuxexe | The file is a Linux executable. |
| | MacOSExe | The file is a macOS executable. |
| | Ole | The file is a Microsoft Office file. |
| | Pdf | The file is a PDF (Portable Document Format). |
| | Unknown | The file type could not be determined. |
| Found Date | [varies] | This is the date and time the threat was found on the device. |
| IP Address | [varies] | This is the IP address or IP addresses for the device. |
| Is Malware | False | The threat is not classified as malware (Threat Classification). |
| | True | The threat is classified as malware (Threat Classification). |
| Is Running | False | The threat is not running. |
| | True | The threat is currently running. |
| Is Unique to Cylance | False | The threat is not unique to Cylance. |
| | True | The threat is unique to Cylance (has not been identified by other antivirus products). |
| MD5 | [varies] | This is the MD5 hash for the file. |
| Path | [varies] | This is the path to the file. |
| SHA256 | [varies] | This is the SHA256 hash for the file. |
| Status | Abnormal | The threat is considered Abnormal. |
| | Cleared | The threat was cleared by deleting the threat, either using the Console or on the endpoint. |
| | Corrupt | The file is corrupt or otherwise invalid. |
| | Quarantined | The file has been quarantined by either adding it to the Global Quarantine List or quarantining it on a specific endpoint. |
| | Unsafe | The threat is considered Unsafe. |
| | Waived | The file has been waived by either adding it to the Global Safe List or allowing it to run on a specific endpoint. |
| Threat Classification | File Unavailable | The file is unavailable for analysis due to an upload constraint (example: the file is too large to upload). |
| | Malware | The file is classified as malware. |
| | Possible PUP | The file might be a potentially unwanted program (PUP). |
| | PUP | The file is considered a potentially unwanted program (PUP). |
| | Trusted | The file is considered trusted. |
| | Unclassified | Cylance has not analyzed this file. |
| Zone Names | [varies] | These are the names of the zones where the threat was found. |

Example message for threat events
BlackBerry Protect Desktop: Event Type: Threat, Event Name: threat_found, Device Name: SH-Win81-1, IP Address: (10.3.0.132), File Name: virusshare_00fbc4cc4b42774b50a9f71074b79bd9, Path: c:\ruby\host_automation\test\data\test_files\, Drive Type: None, File Owner: SH-Win81-1\Exampleuser, SHA256: 1EBF3B8A61A7E0023AAB3B0CB24938536A1D87BCE1FCC6442E137FB2A7DD510B, MD5: , Status: Unsafe, Cylance Score: 100, Found Date: 6/1/2015 10:57:42 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher), Zone Names: (Script Test,Server Test), Is Malware: False, Is Unique to Cylance: False, Threat Classification: File Unavailable
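
A parser for the threat event message documented above, given as an added example (it is not BlackBerry's code): it splits on the documented field names rather than on commas, so the zone list, the empty MD5 value and the stray ")" in the sample message are all handled. The names `parse_threat_event`, `score_band` and `_items`, and the choice to map empty or Unknown values to `None`, are assumptions made for this example.

```python
import re

# Field names exactly as listed in the table on this page.
FIELDS = ["Event Type", "Event Name", "Device Name", "IP Address", "File Name",
          "Path", "Drive Type", "File Owner", "SHA256", "MD5", "Status",
          "Cylance Score", "Found Date", "File Type", "Is Running", "Auto Run",
          "Detected By", "Zone Names", "Is Malware", "Is Unique to Cylance",
          "Threat Classification"]
# A key counts only at the start of the body or after ", ", so the comma
# inside a value such as "(Script Test,Server Test)" does not split it.
KEY_RE = re.compile(r"(?:^|, )(" + "|".join(map(re.escape, FIELDS)) + r"): ?")

def _items(value):
    # "(a,b)" -> ["a", "b"]; None or "" -> []
    return [v.strip() for v in (value or "").strip("()").split(",") if v.strip()]

def parse_threat_event(message):
    """Parse one threat event message into a dict of typed fields."""
    start = message.find("Event Type:")  # skip the product-name prefix
    if start < 0:
        raise ValueError("no 'Event Type:' field in message")
    body = message[start:].strip()
    hits = list(KEY_RE.finditer(body))
    event = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        event[hit.group(1)] = body[hit.end():end].strip() or None  # "MD5: ," -> None
    for key in ("Is Running", "Auto Run", "Is Malware", "Is Unique to Cylance"):
        event[key] = {"True": True, "False": False}.get(event.get(key))  # Unknown -> None
    event["IP Address"] = _items(event.get("IP Address"))
    event["Zone Names"] = _items(event.get("Zone Names"))
    # The page's sample carries a stray ")" after the Detected By value.
    event["Detected By"] = (event.get("Detected By") or "").strip("()") or None
    score = event.get("Cylance Score") or ""
    event["Cylance Score"] = int(score) if score.isdigit() else None
    return event

def score_band(score):
    """Bands documented on this page: 1-59 Abnormal, 60-100 Unsafe."""
    if score is None or not 1 <= score <= 100:
        return None
    return "Abnormal" if score <= 59 else "Unsafe"

# The example message from this page, unchanged.
SAMPLE = (r"BlackBerry Protect Desktop: Event Type: Threat, Event Name: threat_found, "
          r"Device Name: SH-Win81-1, IP Address: (10.3.0.132), File Name: virusshare_00fbc4cc4b42774b50a9f71074b79bd9, "
          r"Path: c:\ruby\host_automation\test\data\test_files\, Drive Type: None, File Owner: SH-Win81-1\Exampleuser, "
          r"SHA256: 1EBF3B8A61A7E0023AAB3B0CB24938536A1D87BCE1FCC6442E137FB2A7DD510B, MD5: , Status: Unsafe, Cylance Score: 100, "
          r"Found Date: 6/1/2015 10:57:42 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher), Zone Names: (Script Test,Server Test), Is Malware: False, Is Unique to Cylance: False, Threat Classification: File Unavailable")
```

File Name, Path and File Owner come from the endpoint, so a value that itself contains text such as ", Status: " would be split at that point; compare the parsed SHA256 against the file record before acting on an event.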