I'm getting "Suspicious" as a result. What does this mean?

You can get "Suspicious" or "Infected" as a result.

  • "Infected" - the AV engine detected this as known malware. This is commonly based on matching against the engine's database of malware signatures.

  • "Suspicious" - the AV engine does not specifically detect known malware. However, AVs run additional tests (e.g. heuristics or machine learning) in the hope of finding malware that is not yet known in the wild. This is more like trying to detect "future" malware, before it becomes known and a signature is added to an AV's definition updates.

"Suspicious" results can generally fall into the bucket of "false positives", where a file is flagged as malicious when it really isn't.

Note: Not all AVs support "Suspicious".

This article pertains to MetaDefender Cloud
This article was last updated on 2018-03-14
PI