Understanding Your Analysis Report
Every file you upload produces a comprehensive trust report. This guide explains what each section means, how the trust score is calculated, and how to act on the findings.
Report Tabs
Each analysis report is organized into four tabs. Together they give you a complete picture of the file’s risk profile, from a high-level verdict down to raw technical metadata.
Overview
The first thing you see when you open a report. The Overview tab provides the verdict hero banner, key findings summary, radial score gauges for each analysis dimension, and security signal indicators.
- Verdict hero with color-coded trust score (Clean, Caution, or High Risk)
- Key findings summary highlighting the most important risk and trust signals
- Radial gauges for each of the five score components
- Security signals showing capabilities detected in the file
Enrichment
Third-party intelligence results, if you have connected external threat intelligence or AI enrichment services via your integrations settings. This tab shows community detection counts, sandbox verdicts, threat classifications, and AI-generated behavioral summaries.
- Community detection data from connected threat intelligence services
- Detection rule matches and threat family classifications
- AI-powered content analysis and behavioral description (when configured)
Vendor & Company
Information about the software publisher behind the file. This includes automatically identified vendor details, company profile data, reputation signals, and product licensing information.
- Publisher identity resolved from code signatures and embedded metadata
- Company profile: industry, size, headquarters, and public reputation
- Security incident tracking and vendor reputation assessment
- Product licensing type and compliance indicators
Technical
Raw technical details for security analysts who want to dig deeper. File metadata, hash values, code signing details, entropy measurements, and structural information about the file.
- File hashes (SHA-256, SHA-1, MD5) and size information
- Code signing certificate chain, validity status, and signer identity
- Entropy analysis indicating compression, encryption, or packing
- Version info, compilation timestamps, and embedded resource details
Trust Score Breakdown
Every file receives a composite trust score between 0 and 100. This score is not a single check: it is calculated from five independently weighted dimensions that together reflect the overall trustworthiness of the file. The Overview tab shows radial gauges for each component so you can see exactly where a file gains or loses trust.
Threat Risk
The heaviest-weighted component. Evaluates pattern-matching results, behavioral indicators, and detection rule hits. Files with known malicious patterns, suspicious capabilities (like network access combined with privilege escalation), or community detection flags receive a low threat risk score, which significantly reduces the overall trust score. This dimension carries the largest share of the total weight.
Code Signing
Verifies whether the file has a valid digital signature from a trusted certificate authority. Properly signed files from recognized publishers earn a high score here. Unsigned files, expired certificates, or self-signed binaries receive reduced scores. This dimension carries a weight comparable to Threat Risk, reflecting the importance of cryptographic identity verification.
Vendor Reputation
Assesses the software publisher’s track record. Well-known vendors with clean security histories contribute positively. Unknown publishers, vendors with prior breaches, or unresolvable identities lower this score. Vendor reputation carries a moderate weight in the overall calculation.
Category Signals
Considers the inherent risk profile of the software category. For example, system utilities and remote access tools carry higher baseline risk than productivity applications. The platform classifies files into 65+ canonical categories, and each category has a risk baseline that feeds into this dimension. Category signals carry a moderate weight alongside vendor reputation.
Terms of Service Compliance
Evaluates metadata quality, structural integrity, and compliance-relevant attributes. Files with complete version information, proper resource tables, and no anomalous structural indicators score well here. Stripped metadata, tampered timestamps, or structural anomalies reduce this score. This dimension carries a smaller but still meaningful weight.
Transparency note: When you view a report with the full score breakdown enabled, every factor includes a label, its weight, and a human-readable description explaining why that factor increased or decreased the score. This allows you to explain any verdict to stakeholders or auditors.
Verdict Meanings
The trust score maps to one of three verdicts. Each verdict is color-coded throughout the portal so you can quickly assess file status at a glance.
Clean (Score 80-100)
Low risk. The file exhibits strong trust signals across all dimensions. It is likely from a reputable vendor, properly signed, in a low-risk category, and shows no malicious patterns or suspicious behaviors. Clean files can generally be used with confidence, though organizational policies may still require approval for specific categories.
Caution (Score 50-79)
Review recommended. The file has mixed signals: some trust factors are positive while others raise concerns. Common reasons include: unsigned binaries from known vendors, files in higher-risk categories (like remote access tools), or minor detection hits that may be false positives. You should review the score breakdown and safety notes before proceeding.
High Risk (Score 0-49)
Elevated threat indicators. The file has significant negative signals such as detection rule matches, suspicious behavioral indicators, unknown or compromised publishers, or a combination of risk factors. High Risk files should not be executed or deployed without thorough investigation. If your organization uses endpoint agents in enforce mode, High Risk files matching your approval rules will be automatically quarantined.
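The following added example (not the platform's scoring code) shows how a weighted composite of the five dimensions maps onto the three verdict bands above, and how a per-factor breakdown of the kind the transparency note describes can be produced from it. The page only ranks the dimensions qualitatively, so the weights below (0.30, 0.25, 0.175, 0.175, 0.10) are assumptions that respect that ranking; the verdict thresholds (80 and 50) and the sample component scores are taken from or constructed to match the descriptions on this page.

```python
from dataclasses import dataclass

# Assumed weights: Threat Risk largest, Code Signing comparable, Vendor Reputation and
# Category Signals moderate, Terms of Service Compliance smaller. They sum to 1.0.
WEIGHTS = {
    "threat_risk": 0.30,
    "code_signing": 0.25,
    "vendor_reputation": 0.175,
    "category_signals": 0.175,
    "tos_compliance": 0.10,
}

LABELS = {
    "threat_risk": "Threat Risk",
    "code_signing": "Code Signing",
    "vendor_reputation": "Vendor Reputation",
    "category_signals": "Category Signals",
    "tos_compliance": "Terms of Service Compliance",
}

# Verdict bands as documented: Clean 80-100, Caution 50-79, High Risk 0-49.
CLEAN_MIN = 80
CAUTION_MIN = 50


@dataclass(frozen=True)
class ComponentScores:
    """Each component is scored 0-100; higher always means more trustworthy."""
    threat_risk: int
    code_signing: int
    vendor_reputation: int
    category_signals: int
    tos_compliance: int

    def as_dict(self) -> dict:
        return {k: getattr(self, k) for k in WEIGHTS}


def composite_score(scores: ComponentScores) -> int:
    """Weighted sum of the five components, rounded to a whole 0-100 score."""
    for name, value in scores.as_dict().items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} must be 0-100, got {value}")
    total = sum(WEIGHTS[name] * value for name, value in scores.as_dict().items())
    return int(round(total))


def verdict(score: int) -> str:
    if score >= CLEAN_MIN:
        return "Clean"
    if score >= CAUTION_MIN:
        return "Caution"
    return "High Risk"


def breakdown(scores: ComponentScores, neutral: int = 50) -> list:
    """One entry per factor: label, weight, contribution, and a plain-language direction.

    A component above the assumed neutral midpoint (50) is reported as having increased
    the score; one below it as having decreased the score.
    """
    rows = []
    for name, value in scores.as_dict().items():
        direction = "increased" if value > neutral else "decreased" if value < neutral else "neutral for"
        rows.append({
            "label": LABELS[name],
            "weight": WEIGHTS[name],
            "component": value,
            "contribution": round(WEIGHTS[name] * value, 3),
            "description": f"{LABELS[name]} scored {value}/100 and {direction} the trust score",
        })
    return rows


if __name__ == "__main__":
    # Constructed case matching the Caution description: unsigned binary from a known
    # vendor in a higher-risk category, with no detection hits.
    unsigned_known_vendor = ComponentScores(85, 20, 90, 55, 80)
    score = composite_score(unsigned_known_vendor)
    print(score, verdict(score))
    for row in breakdown(unsigned_known_vendor):
        print(f"  {row['label']:<28} w={row['weight']:<6} {row['description']}")
```

With these weights the unsigned-but-known-vendor case lands at 64, inside the Caution band, and the breakdown shows Code Signing as the factor pulling it down. Changing only the weights changes the band a file lands in, which is why the weight shown beside each factor in the report matters when explaining a verdict.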
Approval Status Badges
If your organization has configured approval rules, each analyzed file receives an approval status badge in addition to its trust score verdict. These badges reflect your organization’s specific policies, not just the platform’s scoring.
The file matches an approval rule that explicitly permits it. This could be based on a trusted vendor, a known hash, or a score above your configured threshold. Approved files are cleared for use under your organization’s policies.
The file matched a rule that requires manual review. An approval request has been automatically created and appears in your team’s approval queue. An administrator must approve or deny the file before it is considered cleared.
The file matched a block rule or was explicitly denied by an administrator. If endpoint agents are running in enforce mode, this file will be quarantined on managed devices. Not Approved files should not be used.
Files that do not match any approval rule will not display a badge. To set up approval rules for your organization, visit the Approval Rules documentation.
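The badge is the result of your organization's rules, evaluated independently of the trust score verdict. The added example below (not the platform's rule engine) evaluates an ordered list of rules of the kinds this page mentions (a block list, a known-hash allow list, a category that always requires review, a trusted-vendor allow, and a score threshold) and returns the badge, or no badge when nothing matches. The rule order, the "Pending Review" badge name, the digests and the vendor name are all assumptions or placeholders constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class FileFacts:
    """The facts a rule can look at for one analyzed file."""
    sha256: str
    vendor: Optional[str]
    category: str
    trust_score: int
    verdict: str


@dataclass(frozen=True)
class ApprovalRule:
    name: str
    outcome: str                           # "Approved", "Pending Review" or "Not Approved"
    matches: Callable[[FileFacts], bool]


# Constructed organizational policy. The hashes are placeholders, not real file digests.
BLOCKED_HASHES = {"f" * 64}
KNOWN_GOOD_HASHES = {"0" * 64}
TRUSTED_VENDORS = {"Example Corp"}
REVIEW_CATEGORIES = {"Remote Access"}
SCORE_THRESHOLD = 80

# Rules are evaluated top to bottom; the first match decides the badge (assumed semantics).
RULES = [
    ApprovalRule("blocked hash", "Not Approved", lambda f: f.sha256 in BLOCKED_HASHES),
    ApprovalRule("known-good hash", "Approved", lambda f: f.sha256 in KNOWN_GOOD_HASHES),
    ApprovalRule("high-risk category needs review", "Pending Review",
                 lambda f: f.category in REVIEW_CATEGORIES),
    ApprovalRule("trusted vendor", "Approved", lambda f: f.vendor in TRUSTED_VENDORS),
    ApprovalRule("score threshold", "Approved", lambda f: f.trust_score >= SCORE_THRESHOLD),
]


def approval_badge(facts: FileFacts, rules=RULES) -> Optional[str]:
    """Return the badge for the first matching rule, or None when no rule matches (no badge)."""
    for rule in rules:
        if rule.matches(facts):
            return rule.outcome
    return None


def should_quarantine(facts: FileFacts, badge: Optional[str], enforce_mode: bool) -> bool:
    """Mirror the two quarantine conditions the page states for agents in enforce mode:
    a Not Approved file, or a High Risk file that matched an approval rule."""
    if not enforce_mode:
        return False
    if badge == "Not Approved":
        return True
    return facts.verdict == "High Risk" and badge is not None


if __name__ == "__main__":
    samples = [
        FileFacts("f" * 64, "Example Corp", "Productivity", 95, "Clean"),   # blocked despite Clean
        FileFacts("a" * 64, "Example Corp", "Remote Access", 92, "Clean"),  # category forces review
        FileFacts("a" * 64, None, "Productivity", 85, "Clean"),             # passes on score alone
        FileFacts("a" * 64, "Unknown Ltd", "Productivity", 60, "Caution"),  # no badge
    ]
    for f in samples:
        badge = approval_badge(f)
        print(f.vendor, f.category, f.trust_score, f.verdict, "->", badge,
              "quarantine" if should_quarantine(f, badge, enforce_mode=True) else "")
```

Note that the second sample is Clean by score but still ends up Pending Review, and the first is blocked regardless of its verdict: the badge reflects policy, the verdict reflects analysis, and the two can disagree.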
Safety Notes
Below the score gauges, each report includes a structured list of safety notes. These are specific observations about the file, categorized as either risk factors or positive indicators.
Risk Factors
Observations that contributed to a lower trust score. Each risk factor includes a category label and a description of what was detected.
- Detection rule matches and the severity of matched patterns
- Suspicious behavioral capabilities (network, persistence, escalation)
- Unsigned or improperly signed code
- Unknown or compromised vendor
- High entropy or packing indicators
Positive Indicators
Observations that contributed to a higher trust score. These are signals that the file is legitimate and well-maintained.
- Valid code signature from a trusted certificate authority
- Well-known vendor with clean security history
- Low-risk software category (e.g., productivity, development tools)
- Complete and consistent metadata (version info, resources)
- No detection rule matches across all engines
When to Re-analyze
Analysis results are a snapshot in time. There are several situations where re-analyzing a file can produce updated or more detailed results.
After connecting new integrations
If you add a threat intelligence or AI enrichment integration after the original analysis, re-analyzing will enrich the report with data from those new sources.
When new threat intelligence is available
Threat databases are continuously updated. A file that was clean last month may now match newly published detection rules. Periodic re-analysis keeps your reports current.
After vendor or source information changes
If the platform updates its vendor intelligence database or the file publisher issues new signing certificates, a re-analysis can capture those changes.
Following a security incident
If you suspect a file may be involved in a security incident, re-analyze it to get the latest detection coverage and compare the results with the original report.
After platform updates
The analysis pipeline is continuously improved with new detection capabilities, scoring refinements, and additional file format support. Re-analyzing older files takes advantage of these improvements.
Re-analysis counts toward your monthly analysis quota. You can re-analyze individual files from the report page or bulk re-analyze from the file list.
Ready to explore your reports?
View your analysis reports in the portal, or upload a new file to see the report format firsthand.