Reputation and prevalence properties used in Application Control rules
This discussion has a more recent version.
This article applies to the following F-Secure products: Policy Manager, PSB Portal, and Computer Protection.
This article lists and explains the reputation and prevalence property values used in the Application Control rules.
Reputation properties can have the following values:
|0-9||CLEAN||Known clean. Allow everything.|
|10-79||PROMPT||Suspicious or potential unwanted (PUA) or Riskware. Prompt the action from the local user.|
|80-89||UNWANTED||Unwanted Application. Automatic quarantine with option to exclude.|
|90-100||BLOCK||Known malicious. Block all actions.|
|101-999||UNKNOWN||Make a local decision. This is the default also when there is no response (empty response).|
Prevalence property can have the following values:
|0||Undefined or not known. This is the default also when no response or if this flag is missing.|
|1||Unique file (3 or less hits)|
|10||Very rare file (10 or less hits)|
|20||Quite rare file (100 or less hits)|
|30||Rare file (1000 or less hits)|
|40||Unusual file (10 000 or less hits)|
|50||Semi-common file (100 000 or less hits)|
|60||Common file (1 000 000 or less hits)|
|70||Common file (10 000 000 or less hits)|
|80||A very common file (100 000 000 or less hits)|
|90||A very very common file (1 000 000 000 or less hits)|
|100||Everybody basically has this (10 000 000 000 or less hits)|