The WildFire grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.
Antivirus signatures are not generated for grayware and security policies cannot be enforced based on the grayware verdict. However, logs and reports can continue to alert to endpoints downloading grayware, enabling you to take any necessary action.
Thank you for claryfying - but this does not answer my initial question. Please see below:
- This app does is not marketed to anyone who did not specifically request to download and install it.
- This app is not obtrusive, distruptive, does not change any system settings without users explicit permission, does not in any way reduce system performance - in fact it does the opposite.
- This app does not include any adware or spyware or BHOs - in fact its designed to remove or block these types of files/behaviours
- This app has gone through extensive 3rd party validation and is currently certified by AppEsteem (https://customer.appesteem.com/vendors/REALD/171117-PEF-REALD-00039)
Per above - how does this app qualify as a grayware?
Our Malware Reverse Engineers manually reviewed the software and from their analysis the software exhibits characteristics that malware also performs. Some of these things could be self signed certs or software that isn't signed at all. Proxy changes are also listed as potentaly harmful and this program was seen to perform that.
As I am not the one who analyzes the software itself, I can't speak to why they determined it to be Greyware. If you look at it in Virus Total it says that it's Clean and not Malware. This was the goal, correct?
Our software is not self signed and we use DigiCert and other reputable 3rd party certs. We do not use Proxies.
Can you tell me where you are detecting this info.
We do not want our software categories incorrectly and greyware classification is certainly not accetable.
We just want to know the facts. If you say we are using proxies or 1st party certs or display behaviour consistent with malware - please show us where you are seeing this or provide any evidence to prove this. Nothing that you have mentioned is consistent with how our software works.
Please advise further
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The LIVEcommunity thanks you for your participation!