Executables
The executables table represents a repository of all the discovered executables and DLLs within the monitored network.
For each executable, granular statistics are provided, such as its reputation and popularity in LiveGrid®, when it was first seen by LiveGrid®, how many computers it was seen or executed on, and further metadata. These statistics help identify an executable’s potentially suspicious behavior.
The executables table is ESET Inspect’s most data-dense view. It allows the most powerful customization options for displaying columns and filtering. You can find details for how many detections each executable triggered and the highest severity.
You can check every executable’s details, including the information mentioned above, the executable’s origin and registry entries. This information will help you investigate based on what behavior was evaluated as malicious in the executable.
You can also drill down to aggregated/raw events to find activities violating company policy. You can take remediation action—download the executable for further investigation, add it to a block list (by hash) and kill a specific process.
Filtering, Tags and Table options
Use filters at the top of the screen to refine the displayed items. Tags are powerful when searching for a specific computer, detection, incident, executable or script. Click the gear icon for table options to manage the main table.
OS type (filter icons)
Click an icon to hide items. Filter by Operating System to see or hide the executables for Windows, macOS or Linux.
Executable type (filter icons)
Click to see only EXE or DLL files, or both simultaneously, where:
EXE = executable file
DLL = library file
Status
You can filter executables to view or hide those marked as Threat, Warning, Information or OK.
To manage executables, click the item and select one of the available actions, or select the check box next to one or more items and use the buttons in the lower part of the Executables screen:
Action | Description |
---|---|
Details | Go to the Executable details tab. |
Statistics | Go to the Executable statistics tab. |
Detections | Go to the Executable detections tab. |
Seen On | Go to the Executable seen on tab. |
Block | Go to the Block Hashes tab. |
Unblock | Remove the hash from the Blocked Hash section. |
Mark as Safe | Mark targets in Safe state; many rules determine the risk. Mark as Safe impacts detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will not be included in detections. There are several hundred rules—some raise detections regardless of which module executed the suspicious action, including trusted modules like PowerShell. Other rules evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module and determined it is unlikely to be malicious, so rules assume that the risk is earlier in the evaluation. |
Mark as Unsafe | Mark an executable as unsafe. |
Download executable | The affected executable or DLL's download window appears. |
Submit to ESET LiveGuard | Manually submit a file for ESET LiveGuard analysis. |
Tags | Assign detection tags from the existing list or create custom tags. |
Audit log | Go to the Audit log tab. |
Filter | Show quick filters on the column where you activated the context menu (Show only this, Hide this). |
Do not Block or Kill any Windows system processes or executables, such as svchost.exe. This may cause an operating system crash. |