Details

In the first tile, you can find the following details:

Name—If known, the name of the executable that runs the process is shown here. By clicking the name, you are redirected to the Executable details

SHA-1—Hash of the executable. By clicking the down arrow next to the hash, a context menu shows up with two options:

o Here you will see the preferred virus search page that you can define in the Server Settings tab. By default, this is the VirusTotal search page

o Copy to clipboard—As the name says, it copies the hash to your clipboard for further use

Signature Type—Information whether the file is signed or not and how it is signed (Trusted/Valid/None/Invalid/Unknown)

Signer Name—If the file is signed, here you can see the signer of the file

Seen on—The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered Computers list

First Seen—When an executable was first seen on any computer in a monitored network

Last Executed—When an executable was last executed on any computer in a monitored network


In the second tile, you can find the following ESET LiveGrid details:

Reputation (LiveGrid®)—A number from 1 to 9 indicating how safe the file is: 1-2 (red) is malicious, 3-7 (yellow) is suspicious, 8-9 (green) is safe

Popularity (LiveGrid®)—How many computers reported an executable to LiveGrid®. For a detailed description, click here

First Seen (LiveGrid®)—When an executable was first seen on any computer connected to LiveGrid®


In the third tile, you can find the following details:

File—How many file modifications were made by this process

Registry—How many registry modifications were made by this process

Network—How many network connections were made by this process


In the fourth tile, you can find the following details:

Computer—Shows the name of the computer where the detection triggered. After clicking the computer name, you are redirected to Computer details

Parent Group—The name of the group of computers to which this particular computer is assigned. The computer's group can be changed in the ESET PROTECT

Last connected—Time of the last contact over the permanent connection that the Agent keeps open to listen for notifications about blocked hashes, requests to download a file, kill a process, etc. The refresh interval is ninety seconds

Last event—The timestamp of the last event sent to the server, that is, the time when the event occurred on the computer, not when it was sent to the EEI Server

Agent version—Version of the EEI Agent deployed on the particular computer

OS Name—The name of the operating system running on the particular computer

OS Version—The version of the operating system running on the particular computer


Under the tiles, these details can be found:

Process—The name and the ID of the process. After clicking the executable name, you are redirected to the Executable Details

Command line—The command line that executed this process

Path—Path on the disk where the executable is located

Started—The time when the process was started

Ended—The time when the process ended

Parent process—The process that created this child process. After clicking its name, you are redirected to the Process Details of that particular process

First dropper—The first recorded process that dropped (created on disk) the module (executable file) of the given process on the computer where that process was run. By clicking it, you are redirected to the Process Details of that dropper process

Integrity Level—Represented by an arrow in the process tree, in the grid of the Detections tab, and everywhere the process name is present.
These levels are present:

o Untrusted—Blue down arrow; blocks most write access to a majority of objects

o Low—Blue down arrow; blocks most write access to registry keys and file objects

o Medium—No icon. This is the default setting for most processes when UAC is enabled on the system

o High—Red up arrow; most processes have this setting if UAC is disabled and the currently logged-on user is an administrator

o System—Red up arrow; a setting reserved for system-level components

o Protected process—Red up arrow; used by some anti-malware services, allows only trusted, signed code to load, and has a built-in defense against code injection attacks

Compromised—If available, shows whether the process is compromised

LnkPath—A string containing the path of the shortcut from which the process was executed

Note—A place where the user can add a note for this process. You can add the note by clicking the blue Set note link on the right side of the window

Computer—The name of the computer on which the process is executed. By clicking the name, you are redirected to that computer's Computer Details

Executable—The name of the executable that started the process, i.e., the file dropped by the first dropper

SHA-1—Hash of the executable

Signature Type—Information whether the file is signed or not and how it is signed (Trusted/Valid/None/Invalid/Unknown)

Signer Name—If the file is signed, here you can see the signer of the file

File description—File description of the file, for example, "Keyboard Driver for AT-Style Keyboards"

Seen on—The number of computers on which the file was discovered

First Seen—When an executable was first seen on any computer in a monitored network

Inspected—If the executable is marked as inspected by the user

Reputation (LiveGrid®)—Is the number from 1 to 9, indicating how safe the file is. 1-2 Red is malicious, 3-7 Yellow is suspicious, 8-9 Green is safe

Popularity (LiveGrid®)—How many computers reported an executable to LiveGrid®. For a detailed description, click here

First Seen (LiveGrid®)—When an executable was first seen on any computer connected to LiveGrid®

Username—The name of the user/account that was logged in when the detection was raised

Full name—User's full name, if available from Active Directory

Job Position—User's job position, if available from Active Directory

User Department—User's department, if available from Active Directory

User Description—User's description, if available from Active Directory

Comments—A place where the user can add comments for this process. You can add a comment by clicking the blue Add comment link


The process tree on the right side—The process tree reflects the parent-child relationship between processes: child processes are shown directly beneath their parent, indented to the right. Processes drawn at the left edge are orphans; their parent has exited.
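The two rendering rules described on this page (an integrity-level arrow next to each process name, and children indented beneath a parent while processes whose parent is gone sit at the left as orphans) can be reproduced from flat process records. The following is an added example written for this page, not ESET code: the record fields, the arrow markers and the sample processes are all constructed, and it assumes the rule that a child is attached under a parent only if that parent is recorded and had not exited before the child started (otherwise the PPID points at an exited process or a reused PID).

```python
"""Rebuild a process tree (children indented beneath their parent) from flat
process records, marking orphans whose parent has exited or was never recorded.
Added example, not EEI code; field names and sample data are constructed."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Marker per integrity level, following the page's legend: down arrow for
# Untrusted/Low, no icon for Medium, up arrow for High/System/Protected process.
INTEGRITY_MARKER: Dict[str, str] = {
    "Untrusted": "↓ ",
    "Low": "↓ ",
    "Medium": "",
    "High": "↑ ",
    "System": "↑ ",
    "Protected process": "↑ ",
}


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    integrity: str
    started: datetime
    ended: Optional[datetime] = None
    children: List["Proc"] = field(default_factory=list)
    orphan: bool = False


def build_tree(records: List[Proc]) -> List[Proc]:
    """Attach each record under its parent and return the root-level list.

    A child is attached only if its parent record exists and had not exited
    before the child started; otherwise the PPID refers to a process that is
    gone (or to a reused PID), so the child is drawn at the left as an orphan.
    """
    by_pid = {r.pid: r for r in records}
    roots: List[Proc] = []
    for r in sorted(records, key=lambda p: p.started):
        parent = by_pid.get(r.ppid)
        parent_alive = parent is not None and (
            parent.ended is None or parent.ended >= r.started
        )
        if parent_alive:
            parent.children.append(r)
        else:
            r.orphan = True
            roots.append(r)
    return roots


def render(nodes: List[Proc], depth: int = 0) -> List[str]:
    """Flatten the tree into indented text lines, one per process."""
    lines: List[str] = []
    for p in nodes:
        marker = INTEGRITY_MARKER.get(p.integrity, "? ")
        suffix = " [orphan]" if p.orphan else ""
        lines.append(f"{'    ' * depth}{marker}{p.name} ({p.pid}){suffix}")
        lines.extend(render(p.children, depth + 1))
    return lines


def sample_records() -> List[Proc]:
    """Constructed sample: PIDs, names and times are made up for illustration."""

    def t(hms: str) -> datetime:
        return datetime.fromisoformat(f"2024-05-01T{hms}")

    return [
        Proc(4, 0, "System", "System", t("08:00:00")),
        # explorer's parent (PID 900) was never recorded, so explorer is an orphan
        Proc(1200, 900, "explorer.exe", "Medium", t("08:05:00"), ended=t("09:30:00")),
        Proc(2400, 1200, "cmd.exe", "Medium", t("08:10:00")),
        Proc(2500, 2400, "powershell.exe", "High", t("08:12:00")),
        Proc(3000, 1200, "outlook.exe", "Low", t("08:20:00")),
        # started after explorer.exe exited: PPID 1200 no longer names a live parent
        Proc(4100, 1200, "notepad.exe", "Medium", t("09:45:00")),
    ]


if __name__ == "__main__":
    print("\n".join(render(build_tree(sample_records()))))
```

Running the block prints System, explorer.exe and notepad.exe at the left edge as orphans, with cmd.exe and outlook.exe indented under explorer.exe and powershell.exe under cmd.exe; the notepad.exe case shows why the "parent still alive when the child started" check matters, since its PPID was held by explorer.exe, which had already exited.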

The following buttons let you act on the process for further investigation:

INCIDENT—used to create an incident report, add the process to the currently active incident, or add it to one of the three latest active incidents

DOWNLOAD FILE—downloads the executable; located at the bottom of the window

KILL PROCESS—kills the process whose details are shown, if it is still active in memory