Runs checks that are widely known, require no specialized skills or attack programs, and will result in direct or indirect system compromise (possibly root compromise). Direct system compromise provides an interactive logon session; indirect system compromise typically means that password information can be obtained for analysis using dictionary cracking.
This policy also includes checks to detect if the system has already been compromised, as well as some checks that are used to identify the system type, since some of the exploit checks only run against particular systems, and are otherwise disabled.