How to interpret ESET PRIVATE Scanning Solution result data
This section outlines the recommended steps for interpreting scanner results and can serve as guidance when building customer agent integrations with the ESET PRIVATE Scanning Solution.
Example of scanner output for an infected file:
{ |
Recommended interpretation workflow:
1. deepScanStatus
• Begin by checking the deepScanStatus parameter to determine whether the scan process is complete.
• If its value is DEEP_SCAN_STATUS_PENDING, the file is undergoing additional analysis by the dynamic (deep) analysis service. In this case, query the result again later.
• If the value is DEEP_SCAN_STATUS_UNSPECIFIED, DEEP_SCAN_STATUS_SKIPPED, or DEEP_SCAN_STATUS_FINISHED, the scan is complete and no further action is required.
2. objectIsClean
• Next, review the objectIsClean parameter.
• If true, the file is clean and no additional review is needed.
• If false, investigate the remaining parameters for further threat details.
3. threatName and threatCategory
• These fields provide the specific name and classification of any detected threat, such as malware, potentially unwanted applications, or suspicious content.
4. behavior
• This array lists observed behaviors during dynamic sandbox analysis.
• For static scan results, this field will typically be empty.
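
The workflow above as an added Python example (not ESET's own code), showing steps 1 to 4 applied in order to a result passed as a JSON string. The sample results are constructed, the function names and verdict strings are hypothetical, and treating a missing, non-boolean or unrecognised field as an error is an assumption of this example rather than documented scanner behaviour.

```python
import json

# Terminal deepScanStatus values listed in step 1.
COMPLETE = {"DEEP_SCAN_STATUS_UNSPECIFIED", "DEEP_SCAN_STATUS_SKIPPED",
            "DEEP_SCAN_STATUS_FINISHED"}

def error(reason):
    # Fail closed: callers should not release a file on an "error" verdict.
    return {"verdict": "error", "reason": reason}

def interpret(raw):
    """Apply steps 1-4 to one scanner result passed as a JSON string."""
    try:
        result = json.loads(raw)
    except json.JSONDecodeError:
        return error("invalid JSON")
    if not isinstance(result, dict):
        return error("result is not a JSON object")

    # Step 1: is the scan complete?
    status = result.get("deepScanStatus")
    if status == "DEEP_SCAN_STATUS_PENDING":
        return {"verdict": "retry_later"}
    if not isinstance(status, str) or status not in COMPLETE:
        return error(f"unexpected deepScanStatus: {status!r}")

    # Step 2: strict boolean check, so "false" or null never counts as clean.
    clean = result.get("objectIsClean")
    if clean is True:
        return {"verdict": "clean"}
    if clean is not False:
        return error("objectIsClean missing or not a boolean")

    # Steps 3 and 4: collect threat details for triage.
    behavior = result.get("behavior")
    return {
        "verdict": "infected",
        "threatName": result.get("threatName"),
        "threatCategory": result.get("threatCategory"),
        "behavior": behavior if isinstance(behavior, list) else [],
    }

# Constructed sample results (values are placeholders, not real scanner output).
INFECTED = json.dumps({"deepScanStatus": "DEEP_SCAN_STATUS_FINISHED",
    "objectIsClean": False, "threatName": "Constructed.Sample.A",
    "threatCategory": "CONSTRUCTED_CATEGORY", "behavior": ["constructed entry"]})
PENDING = json.dumps({"deepScanStatus": "DEEP_SCAN_STATUS_PENDING"})

if __name__ == "__main__":
    for sample in (INFECTED, PENDING, '{"objectIsClean": "true"}'):
        print(interpret(sample))
```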