Find the desired product help

Xcitium Threat Hunter Assessment Tool Scan Results


Results are shown in the THAT interface as soon as the scan finishes. 


 

Click 'Previous Scans'/ 'Current Scan' to switch between the two interfaces: 

       

 

Current Scan Interface 
 

  • Click ‘Current Scan’ at the top to view the results of the most recent scan: 
     

 

  • Click '+' beside a hostname to view all files analysed on the endpoint. Double-click on any file to view file details. 
     

  • The tiles above the results table show the total number of unknown, malicious, and clean files.  
     

  • 'Unknown' means no trust rating is available for the file. After expert analysis these will be categorized as either 'Safe' or 'Malicious'. 
     

Current Scan Results Interface - Table of Column Descriptions 

Column Header 

Description 

Name 

The name of the computer on which the scan was run. Click '+' to view the full path of the file. 

Size 

The size of the analyzed file. 

Verdict 

Indicates the status of the file. The possible values are: 

  • Completed – Unknown file which has been successfully uploaded to Verdict Cloud for analysis. 
     

  • In Analysis – Unknown file which is currently being tested by Verdict Cloud 
     

  • Clean – Files found to be safe after Verdict Cloud analysis 
     

  • Malicious – Files found to be unsafe after FLS and Verdict Cloud analysis 
     

  • No Threat Found - No malicious intent was found by Verdict Cloud's automated tests, but the file has been passed onto human experts for further analysis. These files are listed as 'Unknown' in the tiles above the table. They will be classified as either 'Clean' or 'Malicious' after the human analysis concludes. 

 

Searching, sorting and filtering Options 

  • Use the search box to look for endpoints by name or IP address. Clear the search box to display all endpoints again. 
     

  • Click the column headers to sort results by name, size, and verdict. 
     

  • Click the funnel icon at the end of 'Name' column to choose result filters: 
     
     
     
     

Previous Scan Interface 

  • Click ‘Previous Scans’ at the top 

The results of the previous scans will be shown: 

 

 
 

Previous Scan Results Interface - Table of Column Descriptions 

Column Header 

Description 

Scan Summary 

Indicates the status of scans. 

  • Scan Failed – The scan was unsuccessful. 

  • Scan Cancelled – The scan was cancelled by the admin. 

  • Computer scanned – The number beside it indicates the number of endpoints that were scanned for that scan. 

Scan Date 

The date and time the scan was run. 

Scan Target 

Indicates the type of scan: 

  • Auto Discovery – Scan run on discovered endpoints on the network 

  • Active Directory – Scan run on endpoints which belong to an Active Directory domain 

  • Network Addresses – Scan executed by specifying their host name/IP address, or scan all endpoints on an IP range 

  • Local Computer – Scan run on the local device 

Scan Type 

Indicates whether it is a quick or full scan. 

Detailed Results 

Click this link to open https://verdict.xcitium.com with full details of Verdict Cloud results.  
See 'Xcitium Verdict Cloud Analysis Results' for more information. 

 

  • Double-click a scan or right-click then 'Details' to open the scan details interface 

     
     

 

The interface is similar to current scan results explained above. 

  • Click 'Back to Previous Scans' to return to 'Previous Scans' screen.