Verdicts

This section includes:

About verdicts

Each scan that is performed by Perception Point on any item, is assigned a verdict by Perception Point. For a list of possible verdicts, see Verdicts below. The verdict determines what happens with the scanned item. For example, an item may be quarantined based on the verdict. For details on how to specify if an item should be quarantined - based on the verdict - see Quarantine.

If you think that the verdict that has been assigned to a scan is not correct, you can:

Request that the Perception Point IR Team investigate the scan. For details, see Requesting an investigation.
Change the verdict yourself. For details, see Changing Verdicts.

Verdicts

The following verdicts can be assigned to a scan:

Verdict

Description

Can be quarantined?

Incident?

Malicious

[]

The scan indicates that the item is malicious. Malicious items are typically quarantined [if the integrated service supports this functionality].

For details on how to configure what happens to emails with malicious verdicts, see Which verdicts cause quarantine

Yes

For details, see Which verdicts cause quarantine

Yes

Spam

[]

The scan indicates that the email is spam. Depending on the settings that have been configured for your organization, the email will be either:

quarantined [if the integrated service supports this functionality]

or
sent to the "Spam" or "Junk" folder of the original recipients.

For details on how to configure what happens to emails with spam verdicts, see Which verdicts cause quarantine

[False positives - Microsoft 365] When spam emails are sent to the "Spam" or "Junk" folders, users can move any of these "spam" emails to their Inboxes, and mark the sender as safe, locally in their email systems. Future emails from this sender will then go to the Inbox and not to the "Spam" or "Junk" folders.

Restricted

[]

The scan detected a file of a type that is included in the list of restricted file types - according to your organization policy. This could include files such as .exe or .docx files.

You can configure Perception Point X‑Ray to quarantine restricted files, or emails that include restricted files. For details see Quarantine.

For details on how to view or manage your set of restricted file types, see Restricted file types.

Note:

Password-protected files that Perception Point X‑Ray is unable to scan can also result in a restricted verdict. For details, see Scanning password-protected attachments.
Emails that are blocked by custom block list entries may also be assigned a restricted verdict. For more details, see Custom blocklists.

Suspicious

[]

The scan is suspicious. The scan detected characteristics that are potentially harmful or indicative of malicious intent, but not conclusively so. Therefore the scan is not necessarily malicious, but it warrants further investigation by the Perception Point IR Team.

Note: The suspicious verdict is primarily for internal use by Perception Point. The suspicious verdict is assigned very seldom.

The suspicious verdict can be assigned manually by the Perception Point IR Team, and it can also be automatically assigned by Perception Point X‑Ray.

Suspicious scans are treated the same as clean scans.
Suspicious emails can't be quarantined.

Clean

[]

If nothing suspicious is detected during a scan, the item is assigned a "clean" verdict.

Clean emails are sent to the Inbox of the recipient.

Note:

Not all the above verdict types are available for all channels - some channels may use just a few of the above verdict types.
All data is saved in the Perception Point AWS servers - based on the environment of your organization.

Email delivery options

Depending on the verdict that is assigned to the scan of an email, the email will be delivered to a specified destination. The destination for each verdict can be configured. The diagram below shows the available destinations and the default destinations for each verdict.

* For details on how to configure which verdicts will cause emails to be quarantined, see Which verdicts cause quarantine