TH15103
Detected presence of files with behaviors commonly used by malicious software.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
| | pass | medium | high | None | None |
About the issue
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for end users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is a true positive and an early indication of a software supply chain attack.
How to resolve the issue
- Investigate reported detections.
- If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed, or until the issue is risk accepted.
- Consider rewriting the flagged code without using the marked behaviors.
Recommended reading
- Malware (ReversingLabs glossary)
- Common malware behavior (External resource - Infosec Institute)