What does an ‘Infected’ or ‘Suspicious’ scan result mean?

This article applies to all active MetaDefender Cloud license holders - whether your product is paid for or issued for evaluation purposes.

When conducting scans on the MetaDefender Cloud platform, your files may be flagged as either Suspicious or Infected, as illustrated in the screenshot below.

It is useful to understand the difference between the two distinct threat-positive results:

Infected

‘Infected’ results are produced when the associated AV engine detects a known malware threat.

For most vendors, this finding is based on a comparison against their unique database of malware signatures.

Suspicious

‘Suspicious’ results are produced when the associated AV engine does not match the file against a known malware threat but its specialized analysis, such as heuristics or machine learning, indicates a new or unknown malware threat.

Once such a threat is detected and confirmed by the vendor, a new malware signature is added to the associated AV engine’s definition database in a subsequent update, after which the same ‘Suspicious’ file returns an ‘Infected’ result.

A ‘Suspicious’ result may also indicate a false positive, in cases where the assumed threat is not representative of new or unknown malware.

Not all AV engines support ‘Suspicious’ results or unknown threat detection, which is why the multiscan solutions provided by MetaDefender Cloud are such an essential component of fail-safe cyber security.
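The following added example (not OPSWAT's code and not MetaDefender Cloud's API) models the two result types and the multiscan roll-up described above. A toy engine returns Infected on a signature (SHA-256) match, Suspicious on a heuristic finding, and Clean otherwise; an engine with no heuristic simply never produces Suspicious. The walkthrough scans a constructed sample on "day 0", when only the heuristic engine notices it, then adds a signature to simulate the vendor's definition update and shows the same file flipping from Suspicious to Infected while the signature-only engine still reports Clean. Engine names, the heuristic rule, the sample bytes and the roll-up policy are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Dict, List, Optional, Tuple


class Verdict(IntEnum):
    """Per-engine outcomes, ordered by severity so max() selects the worst one."""
    NO_RESULT = 0    # engine returned nothing usable (timeout, unsupported type)
    CLEAN = 1
    SUSPICIOUS = 2   # heuristic / ML detection without a signature match
    INFECTED = 3     # match against the engine's database of known-malware signatures


@dataclass
class Engine:
    """Toy AV engine (hypothetical; not MetaDefender's or any vendor's API)."""
    name: str
    signatures: set = field(default_factory=set)           # SHA-256 digests of known malware
    heuristic: Optional[Callable[[bytes], bool]] = None    # None: no Suspicious support

    def scan(self, data: bytes) -> Verdict:
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.signatures:
            return Verdict.INFECTED          # known threat: signature comparison
        if self.heuristic is not None and self.heuristic(data):
            return Verdict.SUSPICIOUS        # unknown threat: heuristic finding
        return Verdict.CLEAN


def multiscan(engines: List[Engine], data: bytes) -> Tuple[Verdict, Dict[str, Verdict]]:
    """Run every engine and roll the per-engine verdicts up to one overall result.

    Assumed policy: any Infected beats any Suspicious, which beats Clean. An
    engine that cannot produce Suspicious results contributes Clean or Infected.
    """
    per_engine = {engine.name: engine.scan(data) for engine in engines}
    overall = max(per_engine.values(), default=Verdict.NO_RESULT)
    return overall, per_engine


def macro_heuristic(data: bytes) -> bool:
    """Stand-in for a vendor's proprietary heuristics: flag documents whose macro
    runs on open and instantiates an external object. Constructed rule, not a real one."""
    return b"AutoOpen" in data and b"CreateObject" in data


# Constructed sample bytes for the walkthrough; this is not a real malicious file.
SAMPLE = b"<doc><macro>Sub AutoOpen()\n Set o = CreateObject(\"x\")\nEnd Sub</macro></doc>"


def demo() -> Dict[str, object]:
    engine_a = Engine("EngineA", heuristic=macro_heuristic)   # supports Suspicious
    engine_b = Engine("EngineB")                              # signatures only

    # Day 0: no vendor has a signature yet. Only the heuristic engine notices.
    day0_overall, day0_detail = multiscan([engine_a, engine_b], SAMPLE)

    # Later: EngineA's vendor confirms the threat and ships a signature update.
    engine_a.signatures.add(hashlib.sha256(SAMPLE).hexdigest())
    day1_overall, day1_detail = multiscan([engine_a, engine_b], SAMPLE)

    return {
        "day0": day0_overall, "day0_detail": day0_detail,
        "day1": day1_overall, "day1_detail": day1_detail,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same code also shows the false-positive case from the article: any benign file that happens to satisfy `macro_heuristic` is reported Suspicious by EngineA until a human or the vendor rules otherwise, which is why a Suspicious result on its own is a prompt for review rather than a confirmed detection.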

For further information or guidance regarding a ‘Suspicious’ Scan Result, please open a Support Case with the OPSWAT team via phone, online chat or form, or feel free to ask the community on our OPSWAT Expert Forum.
