! we did not find enough evidence to identify the file as malware.
However you should still use extreme caution when accessing it
File: ....\filezilla_server-0.9.41.exe
Reason: The file prevalence/reputation is low
Reading that, I find myself questioning two things:
1) What does "did not find enough evidence" mean? Does it mean 1) the evidence found is below some threshold *and was ZERO*, or 2) the evidence found is below some threshold *but was ABOVE ZERO*? I think it would be good to qualify things so people know which was the case.
2) Why are prevalence and reputation being lumped together? From an English point of view at least (which is how most people will interpret the wording), prevalence would be how widespread or common the file is. Technically speaking, that tells you nothing about whether or not a file presents some kind of threat. Prevalence could be a simple scale from 0 to whatever. From an English point of view at least, reputation requires that a view be held. IOW, if you *have been* exposed to something *and formed an opinion*, then that something has a reputation in your eyes (positive, neutral, or negative). If you *have not been* exposed to something (enough) you *cannot have an opinion* and its reputation in your eyes is not low it is undefined or TBD. The fine point being, reputation can't be a simple scale of for example -10 to +10 because there is also the "reputation not yet determined" case. I know this is confusing, but lets try some examples:
File1: Prevalence = 0, therefore Reputation = NotYetDetermined. We have no idea if the file is a threat, but caution would be in order.
File2: Prevalence = Low, but there is zero evidence of any threat (it could even be a Hello World app!) and it might even be from a whitehat organization so Reputation = Good amongst the smallish number of users. One can lower there guard somewhat on this file I would say.
File3: Prevalence = SomewhatCommon, but this is a common form of malware so Reputation = Bad. Even though its prevalence is higher, it is a threat and therefore is the worst file we've talked about so far.
I hope you understand the point I'm trying to make. Which is, I think it would be helpful if the words and definitions and standards were elaborated upon and the warning message text fine tuned so that people would know exactly what is being communicated. I think it would be a mistake to equate "low prevalence" with "low reputation".
