Showing results for 
Search instead for 
Did you mean: 
Level 9

NSP result

Dear all

I wonder that what is the different between N\A and inconclusive on real tine treat analyzer

0 Kudos
1 Reply
Level 9

Re: NSP result

Hello, and welcome to the community!

The 'Result' category in the Real-Time Threat Analyzer is a string that determines what the end result of a particular attack was. In many cases you will see 'n/a' or 'inconclusive' or 'blocked'.

Here are the definitions of the two types of results, according to the Administration Guide:


— The result of the attack is not known. This is most likely due to a generic policy,

such as the Default or All-Inclusive policy where the policy rules are not environment specific. For

example this may be the result if an attack occurs against an irrelevant node.


: the alert was raised for suspicious, but not necessarily malicious, traffic. This result is

common for Reconnaissance attacks due to the nature of port scanning and endpoint sweeping.

In conclusion -

'Inconclusive' result is used when the Network Security Manager is uncertain about whether or not an attack was successful. (Microsoft Outlook exploit on a Linux Webserver, for instance)

'n/a' result is used to display alerts that are more informational in nature. (Host sweeps, DoS attacks, Credentials that are too long, potential bot detections, IRC traffic detected, etc.)

If you want to know more about the Real-Time Threat Analyzer, this is the guide I referred to:

8.1 Manager Administration Guide


Jesse Olson

Technical Support Engineer

McAfee. Part of Intel Security.

0 Kudos