Xcitium Threat Hunter Assessment Tool Scan Results

Results are shown in the THAT interface as soon as the scan finishes.

Current Scan Interface – Full results of the most recent scan
Previous Scan Interface – A list of all previously run scans. Expand any scan to view per-endpoint results.

Click 'Previous Scans'/ 'Current Scan' to switch between the two interfaces:

Click '+' beside a hostname to view all files analysed on the endpoint. Double-click on any file to view file details.
The tiles above the results table show the total number of unknown, malicious, and clean files.

'Unknown' means no trust rating is available for the file. After expert analysis these will be categorized as either 'Safe' or 'Malicious'.

Current Scan Results Interface - Table of Column Descriptions
Column Header	Description
Name	The name of the computer on which the scan was run. Click '+' to view the full path of the file.
Size	The size of the analyzed file.
Verdict	Indicates the status of the file. The possible values are: Completed – Unknown file which has been successfully uploaded to Verdict Cloud for analysis. In Analysis – Unknown file which is currently being tested by Verdict Cloud Clean – Files found to be safe after Verdict Cloud analysis Malicious – Files found to be unsafe after FLS and Verdict Cloud analysis No Threat Found - No malicious intent was found by Verdict Cloud's automated tests, but the file has been passed onto human experts for further analysis. These files are listed as 'Unknown' in the tiles above the table. They will be classified as either 'Clean' or 'Malicious' after the human analysis concludes.

Searching, sorting and filtering Options

Use the search box to look for endpoints by name or IP address. Clear the search box to display all endpoints again.
Click the column headers to sort results by name, size, and verdict.
Click the funnel icon at the end of 'Name' column to choose result filters:

The results of the previous scans will be shown:

Previous Scan Results Interface - Table of Column Descriptions
Column Header	Description
Scan Summary	Indicates the status of scans. Scan Failed – The scan was unsuccessful. Scan Cancelled – The scan was cancelled by the admin. Computer scanned – The number beside it indicates the number of endpoints that were scanned for that scan.
Scan Date	The date and time the scan was run.
Scan Target	Indicates the type of scan: Auto Discovery – Scan run on discovered endpoints on the network Active Directory – Scan run on endpoints which belong to an Active Directory domain Network Addresses – Scan executed by specifying their host name/IP address, or scan all endpoints on an IP range Local Computer – Scan run on the local device
Scan Type	Indicates whether it is a quick or full scan.
Detailed Results	Click this link to open https://verdict.xcitium.com with full details of Verdict Cloud results. See 'Xcitium Verdict Cloud Analysis Results' for more information.

Double-click a scan or right-click then 'Details' to open the scan details interface

The interface is similar to current scan results explained above.

Click 'Detailed Scan Results' button to view full results at https://verdict.xcitium.com. See 'Xcitium Verdict Cloud Analysis Results' for more information.

Threat Hunter Assessment Tool (THAT)