Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 8 subscribers
  • Views 8544 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Difference between ML\PE and MAL\PE?

Kandarp Desai1

Hi,

In our clients environments, they get two types of alerts in Central dashboard, one with MAL\PE and ML\PE. As per my understanding, MAL\PE is a definite malware infected file and ML\PE is a potentially malicious file detected by deep learning with possibility of false positive. Is this correct ? Can MAL\PE also have false positives or is the file surely infected as it has matched with a signature.



This thread was automatically locked due to age.
Parents
  • +1

    Hi Kandarp Desai1,

    ML\PE - This detection is generated by Sophos Intercept X’s Machine Learning (ML) engine, also referred to by the specific Sophos approach Deep Learning and is designed to detect malicious PE (Portable Executable) files such as .exe, .sys, .dll, .scr

    MAl\PE - This detection is for generic detection of malware but using the available signature and not the Deep Learning. 

    We may or may not have False positives in both the cases and neither of them can be concluded as a False positive by the naming. If you believe any of the samples detected under these to be False positive, you can submit the sample to Sophos Labs for confirmation.  

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Reply
  • +1

    Hi Kandarp Desai1,

    ML\PE - This detection is generated by Sophos Intercept X’s Machine Learning (ML) engine, also referred to by the specific Sophos approach Deep Learning and is designed to detect malicious PE (Portable Executable) files such as .exe, .sys, .dll, .scr

    MAl\PE - This detection is for generic detection of malware but using the available signature and not the Deep Learning. 

    We may or may not have False positives in both the cases and neither of them can be concluded as a False positive by the naming. If you believe any of the samples detected under these to be False positive, you can submit the sample to Sophos Labs for confirmation.  

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Children
No Data
Unfiltered HTML