October 8, 2020 | Product Features
When users submit a file or URL to VMRay for analysis, they are usually most interested in answering the question
Prior to our most recent 4.0 release, this question was answered in the VMRay Platform with a severity score (or VTI Score, explained here). With this release, the answer has been simplified: the VMRay Platform no longer uses a numerical score to indicate potential maliciousness. Instead, the system renders a “Verdict” that replaces the severity score.
In the new verdict system, submitted files and URLs are judged as one of:
- Malicious
- Suspicious
- Clean
- Not available
These four mark a reduction in number from the eight in the previous .
This new system is applied at all levels: analyses, samples, IOCs and artifacts. To increase clarity and avoid confusion, the numerical VMRay Threat Identifier (VTI) Score from 0 – 100 has been removed from the UI. However, for backward compatibility, these values are still available via the API.
The way VMRay calculates the verdict score has not changed, only the way it presents the result. Each VTI still has a score of 1-5. When a VTI with a -1 score is triggered, the sample or the artifact is prevented from having a Malicious verdict. This can happen in special situations, such as when a PE sample has a trusted digital signature, or when a reputation analysis has a Clean verdict. It is also possible to write YARA rules with a -1 score.
While the VTI Score has been removed from the UI, it is still available via the API with these new verdict keys in the responses:
Endpoint | New verdict keys in response |
---|---|
/rest/analysis | analysis_verdict, analysis_verdict_reason, analysis_verdict_reason_code |
/rest/sample | sample_verdict, sample_verdict_reason, sample_verdict_reason_code |
/rest/submission | submission_verdict, submission_verdict_reason, submission_verdict_reason_code |
/rest/sample//iocs | verdict, verdict_reason, verdict_reason_code |
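The following is an added example, not VMRay code: one way a client could read the verdict keys from the table above into a common shape and route anything that is not explicitly clean to review. Only the key names come from the table; the record layout, the lowercase verdict strings, the function names and the choice to treat a missing or unknown verdict as "not available" are assumptions.

```python
# Added example. Only the key names come from the table above; the record
# layout, lowercase verdict strings and function names are assumptions.
KEY_PREFIX = {  # endpoint (as printed on the page) -> prefix of its verdict keys
    "/rest/analysis": "analysis_",
    "/rest/sample": "sample_",
    "/rest/submission": "submission_",
    "/rest/sample//iocs": "",
}
# The four verdicts, ranked so that "not_available" never counts as clean.
RANK = {"clean": 0, "not_available": 1, "suspicious": 2, "malicious": 3}


def extract_verdict(endpoint, record):
    """Return the verdict, reason and reason code from one response record."""
    prefix = KEY_PREFIX[endpoint]
    raw = record.get(prefix + "verdict")
    verdict = str(raw).strip().lower().replace(" ", "_") if raw else "not_available"
    if verdict not in RANK:  # unknown value: fail closed
        verdict = "not_available"
    return {
        "verdict": verdict,
        "reason": record.get(prefix + "verdict_reason"),
        "reason_code": record.get(prefix + "verdict_reason_code"),
    }


def worst_verdict(results):
    """Pick the most severe verdict across several extracted results."""
    return max((r["verdict"] for r in results), key=RANK.__getitem__, default="not_available")


def needs_review(verdict):
    """Anything other than an explicit clean verdict goes to an analyst."""
    return verdict != "clean"


# Constructed sample records, not real API output.
SAMPLES = [
    ("/rest/sample", {"sample_verdict": "clean"}),
    ("/rest/analysis", {"analysis_verdict": "Suspicious", "analysis_verdict_reason": None}),
    ("/rest/sample//iocs", {"verdict": "not_available", "verdict_reason_code": "constructed_code"}),
    ("/rest/submission", {}),  # record without the new keys
]

if __name__ == "__main__":
    results = [extract_verdict(ep, rec) for ep, rec in SAMPLES]
    print(worst_verdict(results), needs_review(worst_verdict(results)))
```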
effective decisions in the incident response process.