Glossary

Definitions of key terms used across the Vile Analyziz platform. Each term has an anchor link you can share directly (e.g., /docs/glossary#trust-score).

A

Analysis: The process of examining a file through multiple detection engines, metadata extractors, and behavioral analyzers to produce a comprehensive trust report. Each analysis counts toward your monthly quota.
API Key: A credential for programmatic access to the platform. API keys are scoped to specific permissions (such as upload and files.read) and tied to your organization. Available on Pro plans and above.
Approval Rule: A policy that automatically classifies files as approved, blocked, or requiring review based on configurable criteria such as trust score thresholds, vendor allowlists, file categories, or detection results.
Approval Status: The governance state of a file after evaluation against your organization's approval rules. Possible values are approved (meets all criteria), blocked (fails one or more rules), and pending review (requires manual decision).

B

Behavioral Analysis: Detection of suspicious runtime behaviors, capabilities, and indicators within a file. This includes analysis of system calls, network activity patterns, file system operations, and privilege escalation attempts inferred from the file's code and structure.

C

Caution (Verdict): A verdict assigned to files with a trust score between 50 and 79. Files with a caution verdict have some concerning signals but are not definitively malicious. Manual review is recommended before deploying or trusting the file.
Clean (Verdict): A verdict assigned to files with a trust score of 80 or above. Clean files have strong positive signals. valid code signatures, known vendors, no threat detections. and are considered low risk.
Code Signing: Cryptographic verification of a software publisher's identity. A valid code signature confirms that the file was produced by the claimed publisher and has not been tampered with since signing. Signature validity is a significant factor in trust score computation.
Content Classification: Automated categorization of file contents into functional groups such as "productivity software," "security tool," "game," or "system utility." The platform recognizes 65+ canonical categories based on file metadata, structure, and behavioral indicators.

D

Detection Engine: A component in the analysis pipeline that identifies threats, suspicious patterns, or security-relevant characteristics in files. Multiple detection engines run in parallel, each specializing in different threat types and file formats.

E

Endpoint Agent: A lightweight background service installed on Windows, Linux, or macOS machines that monitors specified directories for new files and automatically submits them for analysis. Agents report to the centralized dashboard and can operate in monitor or enforce mode.
Enforcement Mode: Controls how an endpoint agent responds to blocked files. In monitor mode, blocked files are logged but remain accessible. In enforce mode, blocked files are automatically moved to quarantine. Administrators can toggle the mode per agent or fleet-wide.
Enrollment Code: A short-lived token generated from the portal that links a new endpoint agent to your organization during setup. Codes expire quickly for security and should be used promptly after generation.

F

File Category: A high-level classification of a file's format type, such as executable, document, script, archive, package, email, media, font, configuration, or web asset. File category determines which analysis engines and extraction methods are applied.
Fleet: The collection of all endpoint agents enrolled in your organization. Fleet management includes monitoring agent status, assigning scan policies, toggling enforcement modes, and issuing remote commands from the centralized Agents dashboard.

H

Hash (SHA-256): A unique 64-character hexadecimal fingerprint computed from the contents of a file. SHA-256 hashes are used for file identification, deduplication, integrity verification, and blocklist matching. Two files with different contents will always have different hashes.
High Risk (Verdict): A verdict assigned to files with a trust score below 50. High-risk files have significant threat signals, missing or invalid signatures, or other strong negative indicators. These files should not be executed or deployed without thorough manual review.

I

Integration: A connection to an external service that enhances or extends the platform's capabilities. Integrations include threat intelligence providers for richer detection data, AI services for content summarization, SIEM connectors for log forwarding, and webhooks for automated workflows.

K

Key Findings: An auto-generated summary of the most important signals from a file's analysis. Key findings highlight the factors that most influenced the trust score, such as threat detections, signature issues, suspicious behaviors, or noteworthy metadata.

P

Presigned URL: A temporary, scoped URL used for secure file transfer. When uploading a file, the API returns a presigned URL that allows you to upload the file bytes directly to secure storage without exposing credentials. Presigned URLs expire after a short period.

Q

Quarantine: Isolated storage on an endpoint where blocked files are placed when an agent operates in enforce mode. Quarantined files are removed from their original location and held securely until an administrator restores or permanently deletes them.

R

Re-analysis: The process of re-submitting a previously analyzed file through the analysis pipeline to obtain updated results. Re-analysis uses the latest detection capabilities and enrichment data. Each re-analysis counts toward your monthly quota.

S

Sanctioned App: Software that your organization has explicitly approved or prohibited through the sanctioned apps list. When a file matches a sanctioned app entry, it receives an automatic sanctioned status (approved or prohibited) regardless of its trust score.
Scan Policy: A configuration that controls endpoint agent scanning behavior including watched directories, included file types, scan interval, and maximum file size. Policies are created in the portal and assigned to individual agents or groups.
Score Breakdown: A detailed view of the five weighted components that make up a file's trust score: signature validity, vendor reputation, software category, threat signals, and metadata quality. Each sub-score includes a label, weight, value, and human-readable description.
Security Signals: Visual indicators on the analysis report that highlight file security properties at a glance. Signals include code signing status, packer detection, known vendor match, threat detections, behavioral flags, and policy compliance status.
SSO (Single Sign-On): Federated authentication that allows your team to sign in using your organization's existing identity provider rather than separate credentials. SSO is available on Business and Enterprise plans and supports standard federation protocols.

T

Tenant: An organization account on the platform. Each tenant has its own users, agents, API keys, policies, and analysis data. Data is strictly isolated between tenants. no organization can access another's files, results, or configuration.
Trust Score: A composite score from 0 to 100 indicating the assessed safety and trustworthiness of a file. The score combines five weighted dimensions: signature validity, vendor reputation, software category risk, threat detection results, and metadata quality. Higher scores indicate lower risk.

V

Vendor Intelligence: Enrichment data about the company or individual that published a piece of software. Includes company profile, industry, size, breach history, known product catalog, and reputation signals. Vendor intelligence helps you evaluate the trustworthiness of the source, not just the file.
Verdict: The overall assessment assigned to a file based on its trust score. There are three verdicts: clean (score 80+, low risk), caution (score 50–79, review recommended), and high risk (score below 50, significant concerns). Each verdict includes human-readable reasoning explaining the key contributing factors.

W

Webhook: An HTTP callback that delivers analysis results to your server as soon as they are ready. Configure a webhook URL in Settings to receive a POST request with the full analysis payload for each completed file. Webhooks are available on Business and Enterprise plans.

Related Resources

Understanding Reports : learn how to read and interpret analysis results.
API Quickstart : get started with the API in five minutes.
Endpoint Agents : deploy and manage agents across your fleet.
FAQ : answers to frequently asked questions.