- Malicious files sent over various protocols can be detected by VSAPI
- Network worms and attacks can be detected by NVE
- NVE detections have custom protocols in TDA that begin with “Network Virus Pattern”
- It cannot be assumed that a machine is infected simply because it downloaded a VSAPI-detected file. It is possible that it was not executed or it was caught by an endpoint security solution.
  However, if the direction is internal for VSAPI or NVE detections, then the source host is likely to be infected and propagating malware to the destination host.
- If there is no detectionname, then the log is not for a detection, but rather a debug message meaning that a constraint was met (file corrupted or too large to scan).
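The triage rules above can be applied to exported log records as follows. This is an added example, not Trend Micro code: the dict layout, the `protocol`, `direction`, `src` and `dst` field names, the "external" direction value and all sample records are assumptions constructed for illustration.

```python
# Added example: triage of Rule ID 0 records following the notes above.
# Only "detectionname" and the "Network Virus Pattern" prefix come from the
# page; every other field name and value here is an assumption.

NVE_PROTOCOL_PREFIX = "Network Virus Pattern"


def triage(record):
    """Classify one Rule ID 0 record; returns (engine, verdict)."""
    if not (record.get("detectionname") or "").strip():
        # No detection name: debug message, a scan constraint was met
        # (file corrupted or too large to scan).
        return (None, "debug")
    protocol = record.get("protocol") or ""
    # NVE detections use custom protocols beginning with the prefix;
    # treating everything else as VSAPI is an assumption of this example.
    engine = "NVE" if protocol.startswith(NVE_PROTOCOL_PREFIX) else "VSAPI"
    if (record.get("direction") or "").strip().lower() == "internal":
        # Internal direction: source is likely infected and propagating.
        return (engine, "source_likely_infected")
    # Otherwise infection is not established: the file may never have been
    # executed, or an endpoint product may have caught it.
    return (engine, "unconfirmed")


def hosts_to_investigate(records):
    """Unique source hosts whose records indicate internal propagation."""
    return sorted({r["src"] for r in records
                   if triage(r)[1] == "source_likely_infected"})


# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"detectionname": "SAMPLE_DETECTION_A", "protocol": "HTTP",
     "direction": "external", "src": "192.0.2.10", "dst": "10.0.0.5"},
    {"detectionname": "SAMPLE_DETECTION_A", "protocol": "SMB",
     "direction": "internal", "src": "10.0.0.5", "dst": "10.0.0.9"},
    {"detectionname": "SAMPLE_DETECTION_B",
     "protocol": "Network Virus Pattern (sample)",
     "direction": "internal", "src": "10.0.0.7", "dst": "10.0.0.9"},
    {"detectionname": "", "protocol": "HTTP",
     "direction": "external", "src": "192.0.2.11", "dst": "10.0.0.6"},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["src"], "->", rec["dst"], triage(rec))
    print("Investigate first:", hosts_to_investigate(SAMPLE_RECORDS))
```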
Rule ID 0 on the Threat Discovery Appliance (TDA)