Not what you were looking for? Ask our experts!
Reply
Newbie
RandyBaker
Posts: 1
Registered: ‎01-24-2012

Risk Level rating differences between online details of infection and what the scanner reports

The exported results of a scan identifies the following threat removal.

 

Resolved Threats: Trojan.Gen  Type: Compressed  Risk: High (High Stealth, High Removal, High Performance, High Privacy)   Categories: Virus  Status: Fully Resolved

 

File insight rates this threat as High.

 

But the threat level in the documentation for Trojan.Gen on the website indicates the threat level is Very Low.

 

Trojan.Gen    
Risk Level 1: Very Low

 

Threat Assessment Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy
Damage
  • Damage Level: Medium
  • Payload: May open a back door or download other malware.

Distribution

  • Distribution Level: Low

 

Why is there such a major discrepancy in the Threat Levels in the documentation?  Which one do I really believe?

 

Thank you

peterweb
Posts: 8,771
Kudos: 1,367
Solutions: 342
Registered: ‎04-17-2008

Re: Risk Level rating differences between online details of infection and what the scanner reports

Any threat that is actually on your system is HIGH RISK.

 

It does not really matter what is on a web page. Web page info can take some time to be refreshed/updated, where the definitions that are downloaded each day are up to date.


Things happen. Export/Backup your Identity Safe data.
SendOfJive
Posts: 10,755
Kudos: 4,795
Solutions: 776
Registered: ‎02-07-2009

Re: Risk Level rating differences between online details of infection and what the scanner reports

[ Edited ]

Hi RandyBaker,

 

The Risk assignment for a threat that is found on your PC is not the same thing as the Threat Assessments that you find in the malware write-ups.  The former is concerned only with the amount and types of damage that the detected threat can do to your individual PC.  The published Threat Assessment, on the other hand, is an evaluation that relates to a large population of PCs, and so takes into account such things as how widespread a threat has become and how quickly it is spreading through that population.  Thus, a virus that can do a great deal of damage to your PC, if the computer becomes infected, might show as a High Risk within your Norton program logs; yet it may merit only a low Threat Assessment if the chances of any individual machine becoming infected are low, due to the threat not being widespread, or perhaps because it is propagating slowly enough through the population to be easily contained.

 

You can read the more technical explanation here:

 

http://www.symantec.com/security_response/severityassessment.jsp