Datto AV threat categories

NAVIGATION  Policies

PERMISSIONS   Datto EDR subscription with administrator-level platform access or Datto AV subscription with administrator-level platform access

BEFORE YOU BEGIN  The type of subscription you have may define the features available to you on this page. For a comprehensive overview of features available to Datto EDR and Datto AV customers, refer to Datto EDR and Datto AV access control.

As of Version 12522, Datto AV allows you to select additional threat categories directly within your policy settings. This improvement provides more comprehensive and granular control over how your organization detects threats and generates alerts.

Why This Matters

Expanding your threat category selections enables you to:

  • Customize alerts to match your organization’s risk profile.
  • Boost detection coverage across a wider range of malicious behaviors.

This flexibility helps you fine-tune your security strategy and stay ahead of evolving threats.

Overview

Datto AV Threat Categories are accessible in the Policy Rules section of any Datto AV policy.

By default, the following Threat Categories are enabled in Datto AV: Adware, Double Extension Files, Possible Unwanted Application, Backdoor-Client, Fraudulent Software, Adware/Spyware, Dialer, Phishing.

NOTE  Threat categories can be configured when Datto AV is in alert-only mode because alerts are still generated by the Datto AV engine. Enabling additional threat categories may increase the number of alerts generated during scans. Disabling categories will reduce the number of alerts generated.

Threat categories and descriptions

| Threat category | Description |
|---|---|
| Application (APPL) | An application of dubious origin or potentially hazardous to use. |
| Adware/Spyware (ADSPY) | Software that displays advertising pop-ups or sends user-specific data to third parties without consent. |
| Adware (ADWARE) | Software or components that display advertisements on your system. |
| Backdoor-Client (BDC) | Control software for backdoors. May be harmless, but review alerts and apply exclusions or submit files to Datto AV for analysis. See Datto AV File Submission and Working with exclusions in your Datto AV policy. |
| Dialer (DIAL) | Dial-up programs for fee-based connections. Unchecked use can lead to high costs. |
| Games (GAME) | Identifies game software. |
| Double Extension Files (HIDDENEXT) | Executable files disguised by a harmless file extension. |
| Jokes (JOKE) | Joke programs that may inconvenience users (for example, play loud audio, pop up videos, move the mouse cursor). |
| Unusual Runtime Compression Tools (PCK) | Files compressed with uncommon runtime compression tools. Verify source trustworthiness. |
| Fraudulent Software (PFS) | Software that charges a fee but contains no functions or installs dubious components. |
| Phishing (PHISH) | Fake emails designed to steal confidential information such as credentials or banking data. |
| Security Privacy Risk (SPR) | Programs that may affect system security, trigger unwanted activities, or violate privacy. |

| Revision | Date |
|---|---|
| Initial release. | 1/7/26 |