Classification Guide | F-Secure

Classification Guide

How F-Secure classifies threats

F-Secure categorizes each application or file as Clean, Potentially Unwanted Application, Unwanted Application or Harmful based on the risks it poses to your device or data.

An application suspected of being a Potentially Unwanted Application or an Unwanted Application may go through additional screening, which is detailed in Classifying Potentially Unwanted Applications.

Category Definition

Clean

A Clean application does not pose a risk to your device or data.

A Clean application does not have traits or behavior that can be harmful to your device or data.

Example

A word processing application does not perform any actions that are harmful to your device or data.

How the product protects you

The application or file is allowed to run normally.

Potentially Unwanted Applications & Unwanted Applications

A Potentially Unwanted Application (PUA) has behaviors or aspects that can be considered undesirable or unwanted, depending on the user's context.

An Unwanted Application (UA) has a significant number of undesirable or unwanted behaviors or aspects.

A PUA / UA can perform actions that impact:

  • Productivity
  • The device's resources
  • Data security or privacy

A PUA / UA does not meet the strict technical definition of malware.

Example

PUA: :A network monitoring application may be considered useful to a system administrator using it to monitor an office workstation, but undesirable to the workstation user, whose security and privacy may be impacted.

UA: An application bundle that leverages on the popularity of one application to entice users into installing a second included application, which serves aggressive or annoying ads.

How the product protects you

PUAA warning notification message is displayed before the application or file is allowed to run normally. You can also opt to have the F-Secure product block a PUA.

UA: The application or file is automatically blocked and quarantined. If you are certain you want to keep using the application or file, you can exclude it from further scanning by the product.

Harmful

A Harmful application or file poses a significant risk to your device or data.

A Harmful application or file can perform damaging actions, such as:

  • Stealing personal or system data
  • Secretly manipulating the device or installed applications
  • Completely blocking normal use of the device

Harmful applications or files meet the technical definition of malware.

Example

A ransomware silently encrypts files on the affected device to extort money from the user.

How the product protects you

The application or file is automatically blocked and removed.

F-Secure examines every application or file and assigns it a Type based on the actions it can perform. The Type is used to determine the application or file's Category.

Type Category Description
Application Potentially Unwanted Application If misused, introduces a security risk. More >
Adware Potentially Unwanted Application
Displays advertising material. More >
Trackware Potentially Unwanted Application
Identifies a user or a device to a third party. More >
Hack-Tool
Potentially Unwanted Application
Bypasses safety or security mechanisms. More >
Monitoring-Tool
Potentially Unwanted Application
Monitors and records (some or all) user actions on the device. More >
Spyware Potentially Unwanted Application
Collects information about user actions or a device, and sends it out. More >
Backdoor Harmful Provides unauthorized access to, and control of, a device. More >
Exploit Harmful Takes advantage of a vulnerability to create unexpected conditions. More >
Trojan Harmful Performs a harmful action without the user's knowledge or consent. More >
Rootkit Harmful Hides other applications or files on the device. More >
Worm Harmful Spreads copies of itself to other devices over a network. More >
Virus Harmful Directly tampers with an application or file's code. More >

Applications or files that are categorized as Potentially Unwanted Applications (PUA), Unwanted Applications (UA) or Harmful are also assigned a Platform, which indicates the operating system they need to be installed on, or the application they need to function.

Platform Description
AM Runs as a VBA macro in the Microsoft Access application (version 97 or later)
Android Runs on the Android mobile operating system
ACAD Uses the AutoCAD application
BAT Uses the DOS, Windows or NT command interpreter or clone (4DOS, 4NT)
Boot Uses or resides in the Master Boot Record (MBR) or DOS Boot Sector of an operating system
ChromeOS Runs on the Chrome operating system
CM Runs as a VBA macro in the Corel Draw! application (version 9.0 or later)
CS Uses the CorelScript interpreter found in many Corel products
DOS Uses COM, EXE (MZ) or SYS files on the DOS operating system and require some version of MS-DOS or clone
HLP Runs in the WinHelp application
HTML Runs in a HTML document as a malicious iframe
IDA Uses the IDA Pro application
INF Uses Windows INF files
INI Uses mIRC INI files
iPhoneOS Runs on the iPhone mobile operating system
MSIL Runs on or uses the .NET framework
Java Uses or runs in the Java Runtime Enviroment
JS Uses the Jscript or JavaScript interpreter
Linux Runs on any Linux distribution
MacOS Runs on any Mac operating system prior to MacOS X
MMS Uses Multimedia Messaging System (MMS) messages
OM Uses or runs in two or more applications in the Office 97 suite or later, including related products (Visio, Projects)
OS/2 Runs on the OS/2 operating system
OSX Runs on the MacOS X operating system
PM Runs as a VBS macro in Microsoft Project (version 98 or later)
PalmOS Runs on the Palm operating system
Perl Uses a Perl interpreter
PHP Uses or runs as a PHP script
PPM Runs as a VBS macro in Microsoft PowerPoint (version 97 or later)
PUM Runs as a VBS macro in Microsoft Publisher (version 97 or later)
REG Uses the Windows Registry file format
SH Uses a Unix(-like) shell script interpreter
SMS Uses Short Messaging System (SMS) messages
Solaris Runs on the Solaris operating system
SymbOS Runs on the Symbian operating system
SVL Runs in or uses Microsoft Silverlight
SWF Runs in or uses Macromedia Flash
Unix Runs on Unix or uses ELF files
VBS Uses the Visual Basic Script interpreter
W16 Runs on the 16-bit Windows operating system
W32 Runs on the 32-bit Windows operating system
W64 Runs on the 64-bit Windows operating system
W128 Runs on the 128-bit Windows operating system
WM Runs as a VBA macro in Microsoft Word (version 97 or later)
WinCE Runs on the PocketPC (Windows CE) operating system
WinHEX Uses WinHex
WMA Runs as a Windows media Audio file (usually disguised as mp3)
WMV Runs as a Windows media Video file (usually disguised as avi)
XM Runs as a VBA macro in Microsoft Excel (version 97 or later)