Each threat confirmed by Red Canary carries a classification, and may carry a more specific subclassification. Treat these as additional points of context that complement the activity timeline and related detection information provided by our platform and analysts.

NOTE: While root classifications are well established, subclassifications may be numerous and are subject to change. Thus, not all subclassifications are listed.

Malicious Software

Malicious software is the general term for programs that perform unwanted actions on your PC. This can include stealing your personal information, locking your PC until you pay a ransom, using your PC to send spam, or downloading other malicious software.

Subclassifications include: Backdoor, Credential Theft, Crimeware, Dropper/Downloader, Exploit, Exploit Kit, Hacking Tool, Ransomware, Rogue Security Software, Trojan, Worm. 

Suspicious Activity

Suspicious activity alerts are indicative of activity that is abnormal, but not attributable to any known threat or malware family.

Subclassifications include: Account, Network, Process, Reconnaissance, Remote Access, Sensor Tampering.

Unwanted Software

Unwanted Software encompasses applications that, while not always malicious, may compromise system security or privacy.  

Unwanted Software subclassifications are explained below.


Software that performs actions such as changing browser settings and home pages, redirecting search results, and displaying advertisements. These applications use deceptive installation techniques, including masquerading as or bundling legitimate software.

Peer-to-Peer (P2P)

Software used to share digital content or computing resources in a decentralized manner. Peer-to-peer software increases the risk of exposure to malware and/or illegal material, consumes network and computing resources, and may perform unauthorized sharing of controlled data.


Riskware

Software that may be used to circumvent security policy or controls, including but not limited to: license or policy bypass, host-based proxies, and anonymization services. Riskware may have legitimate uses, but it introduces unique risk because of the functionality that this class of software provides.

