Defensive Analysis Guidance

Paste or upload scripts only when you are allowed to analyze them. DESA performs static analysis and does not execute submitted content.

Use decoded artifacts, IOC extraction, risk explanation, and rule matches as triage evidence. Treat severity as deterministic support for analyst judgment, not as malware-family attribution.

Public URL analysis is bounded and SSRF-protected. DESA fetches only the URL you provide and never follows script-embedded URLs or secondary payload references.

Future AI-assisted reports are backend-only and degraded until a protected provider is configured. Deterministic findings remain the source of truth.