Skip to content

Downloads and attachments

The activity records provide basic information such as the date and time on which files or emails containing suspicious attachments were sent to Zero-day protection.

You can also view the analysis, release status, report details, and release files or emails.

  • To see the details of a scan, hover over the detection status of an entry. The scan shows a brief overview of the threat result at each stage of the Zero-day protection processing. To see the full report, select View report.
  • To filter the results, click Filter Filter button. and specify the criteria.
  • To see the details of the Zero-day protection analysis, select More options, More options button., and select Show report.
  • To release a file or email message, click Release now.

When you release a file, users can download it immediately. Only files that are currently being analyzed or that have been returned with error status are eligible for release. Zero-day protection continues to analyze the file even if you release it.


Releasing an item before the analysis is complete may result in the downloading of malicious content.

Reports contain the following information:

Option Description
Download details For example, the source, download time, and users who downloaded the file.
Analysis summary Shows the overall Zero-day protection result of the file. The analysis classifies the files as clean, likely clean, suspicious, malicious, or Potentially Unwanted Application (PUA). You can also see an overview.
Machine learning analysis Shows the overall machine learning result, file feature analysis, feature combination analysis, and file structure analysis.
Reputation analysis The result of this analysis is based on how widely-seen the file is.
Zero-day protection detonation results Shows the activities the file carries out, screenshots of the file being run in Zero-day protection, details of the processes the file uses, and the registry activity generated.
Full file analysis Shows full details of the file. This section contains details of the file signatures and any certificates used, the resources called, imports carried out, such as DLLs used, and any export functionality.
VirusTotal report Shows how many reports for the specific threat are currently shown in the VirusTotal database and the number of malware detection products that currently detect the file.