Additional Filters

Additional filters let you choose how the view, list, or report looks.

Not all filters are available on all tabs, pages, or views.

Alerts—allows filtering by the number of ESET PROTECT related alerts (outdated endpoint, etc.)

Agent version—allows filtering by the version of EEI Agent deployed on the particular computer

Assignee—allows filtering by the name of the assignee

Author—allows filtering by the author (name of the user logged in at the time of creation or editing)

Blocked Url—allows filtering by the URL of the blocked detection if applicable

Category—allows filtering by the category name that you can find among category tags in the Edit Rule section

Cleaned—allows filtering by whether the file was marked as cleaned

Command Line—allows filtering detections by the Command Line file name

Command Line Length—allows filtering by the length of the command line command (count of characters)

Comment—allows filtering by the comment added to the computer details

Company Name—allows filtering by the company that produced the executable, for example, "Microsoft Corporation" or "Standard Microsystems Corporation, Inc."

Computer—allows filtering by the computer name. Select equal/unequal to include/exclude a specific name. In the Scripts tab, allows filtering by the name of the computer where the detection triggered

Computers—allows filtering by the number of computers that the reporter created the report for

Create Time—allows filtering by the time of creation of the report

Created—allows filtering by the time when the task was created

Details—allows filtering by the text in the details column field

Description—allows filtering by the description of the computer, taken from ESET PROTECT. In Incidents allows filtering by the description provided by the reporter

Detection Info—allows filtering by detection-specific information (for example, rule name in case of rule detection, malware info in case of antivirus detections, etc.)

Detection Type—allows filtering by the type of the detection (Firewall, HIPS, Filtered Websites, Antivirus, Rule, Blocked Executable)

Detections—allows filtering by the number of Detections triggered by this task. In Incidents allows filtering by the number of detections that the report contains

Enabled—allows filtering by whether the rule/exclusion is enabled or disabled

Ended—allows filtering by the time when the process was terminated, caused by this process

Endpoint version—allows filtering by the version of Endpoint installed on that Computer

Events received today—allows filtering by all events since midnight

Executable—allows filtering by the name of the executable found in the detection details or in the Executable column. Choose equal/unequal to include/exclude specific name

Executables—allows filtering by the number of executables that the report contains

Executable Drops—allows filtering by the number of dropped executables made by this executable

Executed on Computers—allows filtering by the number of computers on which the file was executed

Executions—allows filtering by how many times this EXE file was executed on all computers

File Description—allows filtering by the full description of the file, for example, "Keyboard Driver for AT-Style Keyboards"

File Modifications—allows filtering by how many files were modified (written to, deleted, renamed)

File Version—allows filtering by the version number of the file, for example, "3.10" or "5.00.RC2"

Filter Name—allows filtering by the name of the event filter

First Executed—allows filtering by when the executable was first executed on this computer

First HTTP Request—allows filtering by the source HTTP address, if the script accesses the network

First Child Module Name—allows filtering by the child process name

First Seen—allows filtering by when an executable was first seen on any computer

First Seen (LiveGrid®)—allows filtering by when an executable was first seen on any computer connected to LiveGrid®

FQDN—allows filtering by the fully qualified domain name, which is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS)

From Date—allows filtering by the date when the task was started

Full name—allows filtering by the user's full name, if available from Active Directory

Group—allows filtering by the name of the group of computers a specific computer belongs to

Hit Count—allows filtering by the count of detections that were excluded by this exclusion

Information—allows filtering by the total count of unresolved informational detections on computer

Information (Unique)—allows filtering by count of unique unresolved informational detections on computer

Inspected—allows filtering by the executable marked as inspected by the user

Integrity Level—allows filtering by the level of integrity. These levels are present:

o Untrusted—blue down-arrow icon; blocks most write access to a majority of objects

o Low—blue down-arrow icon; blocks most write access to registry keys and file objects

o Medium—no icon; this is the default setting for most processes when UAC has been enabled on the system

o High—red up icon; most processes will have this setting if UAC is disabled and the currently logged on user is the administrator

o System—red up icon; this is a setting reserved for system level components

o Protected process—red up icon; used by some anti-malware services, only allows trusted, signed code to load and has built-in defense against code injection attacks

Internal Name—allows filtering by the internal name of the file, if one exists, for example, an executable name if the file is a dynamic-link library

Job Position—allows filtering by the user's job position, if available from Active Directory

Last Change Date—allows filtering by the date when the object was last changed

Last Change Type—allows filtering by the last change of the object (for example, marked as resolved, change of the priority)

Last Changed By—allows filtering by the user who last changed the object

Last connected—allows filtering by the permanent connection created to listen for notifications about blocked hashes, requests to download a file, kill the process, etc. Refresh interval is 90 seconds

Last event—allows filtering by the timestamp of the last event sent to the server. This is the time when the event occurred on the computer, not when it was sent to EIServer

Last Executed—allows filtering by when the executable was last executed on any computer

Last Update—allows filtering by the time of the last update of the report

MITRE ATT&CK™ TECHNIQUES—allows filtering by the ID of the MITRE ATT&CK™ TECHNIQUE

Name—allows filtering by the name of the computer/executable/exclusion/task/blocked hash/report

Nearmiss Report—allows filtering by detections triggered due to malware where we cannot guarantee with one hundred percent certainty that it is malware. Select earlier than or later than, and the desired time range

Network Connections—allows filtering by the number of network connections made by this object

Occurred—allows filtering by the time of occurrence of the alert. Select earlier than or later than, and the desired time range

Occurred Time—allows filtering by the time of occurrence. Select earlier than or later than, and the desired time range

Original File Name—allows filtering by the original name of the file, not including the path

OS Name—allows filtering by the name of the operating system (Windows, macOS, etc.)

OS Platform—allows filtering by the operating system that is running on the particular computer:

o 32-bit

o 64-bit

OS Version—allows filtering by the version of EEA or EES deployed on the particular computer:

o macOS 10.15

o macOS 10.14

o macOS 10.13

o macOS 10.12

o Windows 10

o Windows 8.1

o Windows 8

o Windows 7

o Windows Vista

o Windows XP 64-Bit Edition

o Windows XP

o Windows Server 2019

o Windows Server 2016

o Windows Server 2012 R2

o Windows Server 2012

o Windows Server 2008 R2

o Windows Server 2008

o Windows Server 2003

Parent Module Name—allows filtering by the parent process name

Packer Name—allows filtering by the name of packer if an executable is packed

Parent Process ID—allows filtering by the ID of the parent process that created this child process

Parent Process Name—allows filtering by the name of the parent process that created this child process

Parent Process SHA-1—allows filtering by the hash of the parent process

Parent Process Signature Type—allows filtering by the parent process's file signature type (Trusted/Valid/None/Invalid/Unknown)

Parent Process Signer Name—allows filtering by the parent process's file signer name

Popularity (LiveGrid®)—allows filtering by how many computers reported an executable to LiveGrid®.

Problem—allows filtering by the text of the problem of the alert

Processes—allows filtering by the number of processes that the report contains

Process ID—allows filtering by the Process ID found in detection details or in the Process Name (ID) column. You can choose whether it is greater than or equal to, or less than or equal to, the one you are looking for; Known, if the ID is known; or Unknown, if the ID is unknown (for example, executable blocked by hash)

Process Name—allows filtering by the Process Name that you can find in the details of the Detection or in the column Process Name (ID). You can choose whether it is equal or unequal to the one you are looking for

Product—allows filtering by the text of the product of the alert

Product Name—allows filtering by the name of the product with which the file is distributed

Product Version—allows filtering by the version of the product with which the file is distributed, for example, "3.10" or "5.00.RC2"

Progress—allows filtering by the progress of the started task (percentage)

Registry Modifications—allows filtering by how many registry entries were modified

Reputation (LiveGrid®)—allows filtering by the number from 1 to 9, indicating how safe the file is. 1-2 Red is malicious, 3-7 Yellow is suspicious, 8-9 Green is safe

Resolved—allows filtering by the total count of resolved detections on a computer with no regard for the severity. In case of detections view or tab, it allows filtering by the status of the detection, whether it was resolved or not

Resolved Detections—allows filtering by the total count of resolved detections on the specific computer with no regard to severity

Rule Body—allows filtering by a specific string within the body of the rule syntax

Rule Name—allows filtering by the name of the rule (Default or Customized)

Rules Count—count of the rules used in the exclusion

Rules Names—names of the rules that were used in the exclusion

Safe—allows filtering by the executable that was marked as safe

Scanner—allows filtering by the type of Endpoint scanner that prevented the potential threat

Seen on Computers—allows filtering by the number of computers on which the file was discovered

Sent Bytes—allows filtering by the total number of bytes sent by this file, from all computers, all processes

Severity Score—allows filtering by the more precise definition of severity: 1-39 is Info, 40-69 is Warning, 70-100 is Threat

SFX Name—self-extracting archive type, if an executable is packed

SHA-1—allows filtering by the hash of the executable

Signature CN #1—for macOS only. Same as the Product Name column for Windows.

Signature CN #2—for macOS only. Same as the File Version column for Windows.

Signature CN #3—for macOS only. Same as the Product Version column for Windows.

Signature CN #4—for macOS only. Same as the Internal Name column for Windows.

Signature CN #5—for macOS only. Same as the Original File Name column for Windows.

Signature Id—for macOS only. Same as the Company Name column for Windows.

Signature Type—allows filtering by the signature type (Trusted/Valid/None/Invalid/Unknown)

Signer Name—allows filtering by the signer of the file

Started—allows filtering by the time when the process was executed, caused by this process

Status—allows filtering by the name of the ESET PROTECT alert status

Subproduct—allows filtering by the text of the subproduct of the alert

Task Name—allows filtering by the task name from Tasks tab

Threat Name—allows filtering by the threat name, which can be found in this list: http://www.virusradar.com/en/threat_encyclopaedia

Threats (Unique)—allows filtering by the count of unique unresolved threat detections on computer

Threats—allows filtering by the total count of unresolved threat detections on computer

Time—allows filtering by the time of occurrence

To Date—allows filtering by the date when the task ended

Triggered Time—allows filtering by the time of triggering. Select earlier than or later than or equal, and the desired time

Unresolved (Unique)—allows filtering by the count of unique unresolved detections on computer

Unresolved Detections (Unique)—allows filtering by the total count of unique unresolved detections on the specific computer

Unresolved—allows filtering by the total count of unresolved detections on computer

URI—allows filtering by the URI which caused this detection to trigger

User Department—allows filtering by the user's department

User Description—allows filtering by the user's description

User Id—for macOS only. Allows filtering the same as the File Description column for Windows.

Username—allows filtering by the user account that was logged on to the computer at the time the detection triggered

Valid—allows filtering by rules with wrong syntax; such a rule gets an invalid tag

Warnings (Unique)—allows filtering by the count of unique unresolved warning detections on computer

Warnings—allows filtering by the total count of unresolved warning detections on computer

Whitelist Type—allows filtering by whether an executable is whitelisted:

o Certificate—the executable is whitelisted because it is signed by a trusted certificate

o LiveGrid®—the executable is whitelisted because the trustworthiness of the file was confirmed by ESET