# How to Read a Malware Scan Report The best way to read a Virusis result screen is to follow the real data layers used by the product. ## 1. Confirm the sample identity Start with: * scan type * target or file name * checksum This helps ensure you are looking at the right sample. ## 2. Read the top-level scores Then review the score cards: * overall * algorithm * llm Use them for quick orientation, not as the only decision signal. ## 3. Inspect the engine cards Look at what each engine reports: * detection name * category * engine rank or image * clean versus flagged distribution ## 4. Open the threat intelligence tab If enrichment exists for the scan, this tab shows: * framework * tactic * technique * detection metadata those layers in grouped form. ## 5. Read the static analysis tab For file submissions, static analysis provides: * file type * entropy * imports * strings * indicators and other structural insights. ## 6. Decide whether the result needs to be shared or reported If the finding needs to move outside the platform, use: * PDF export * share link * QR code ## Short conclusion A Virusis report is easiest to interpret when you read it in this order: identity and scores first, engine cards second, then threat and static analysis layers. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.virusis.com/ai-explainers/how-to-read-a-malware-scan-report.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.