ESET Online Help

Search English
Select the topic

Process details

This list contains all tiles with process details:

Name—The process name is shown here. Click the name to be redirected to Executable details.

SHA-1—The executable's hash.

Click the gear gear_icon icon next to the hash to show the context menu, where you can find two options:

Open the Virus Total search page, which you can define in the Settings tab.

Copy to clipboard to add the hash to your clipboard.

Signer Name—The file signer, if applicable.

Seen on—The computers where the file was discovered. Click Seen on to be redirected to the Computers view, where you can find a filtered list.

Signature Type—The signature type, if signed: Trusted, Valid, None, Invalid or Unknown. The executable is signed if the value is Present, but ESET Inspect cannot identify the certificate's status. While uncommon for Windows, on MacOS, Endpoint does not verify signatures, and the only states are Present or None.

Seen on—The computers where the file was discovered. Click Seen on to be redirected to the Computers view, where you can find a filtered list.

File Description—The file's full description.

First Seen—When an executable was first seen on any computer in a monitored network.

Last Executed—When an executable was last executed on any computer in a monitored network.

LiveGrid®

Reputation (LiveGrid®)—A number from 1 to 9, indicating how safe the file is: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe.

Popularity (LiveGrid®)—How many computers reported an executable to LiveGrid®.

First Seen (LiveGrid®)—When an executable was first seen on any computer connected to LiveGrid®.

 

Popularity

No. computers affected in LiveGrid®

Color

Description

0

0

Red

Not seen

1

1–9

Red

Low

2

10–99

Yellow

Medium

3

100–999

Yellow

Medium

4

1 000–9 999

Yellow

Medium

5

10 000–99 999

Green

High

6

100 000–999 999

Green

High

7

1 000 000–9 999 999

Green

High

8

10 000 000–99 999 999

Green

High

9

100 000 000–999 999 999

Green

High

10

1 000 000 000–9 999 999 999

Green

High

11

10 000 000 000–99 999 999 999

Green

High

Events

File—Number of file modifications the executable made.

Registry—Number of registry modifications the executable made.

Network—Number of network connections the executable made.

Computer

Shows the computer's name where the detection triggered. Click the computer name to find Computer details. Click View detections on this computer to open the specific computer’s detection list.

Parent Group—A computer group's name where a specific computer is assigned. You can change the computer's group in ESET PROTECT.

Last connected—The permanent connection, which refreshes every 90 seconds, created for listening to blocked hash notifications, requests to download a file or kill a process.

Last event—The last event’s timestamp that was sent to the server. This event occurred on the computer, not when it was sent to the ESET Inspect Server.

ESET Inspect Connector version—The ESET Inspect Connector version, deployed on the computer.

OS Name—The operating system (OS) running on the computer.

OS Version—The OS version running on the computer.

Process—The process' name and the ID. Click the executable name to be redirected to the Executable details.

Command line—A command line command that executes this process.

Path—The path on the disk where the executable is located.

Started—The time the process started.

Ended—The time the process finished.

Parent process—The process that created a child process. Click the name to be redirected to the Process details.

First dropper—The first recorded process that dropped (created on disk) a module (executable file) of a given process on a given computer. Click it to be redirected to Process details.

Compromised—If available, shows the process is compromised.

LnkPath—A path to a shortcut execution.

Note—Click Set note to add a note.

Executable—The executable's name dropped by the first dropper and the one that started the process.

Integrity Level

Represented by the arrow in the process tree, the Detections tab grid, and wherever the process name is present. The integrity levels are:

Untrusted—Blue arrow downintegrity_blue. Blocks most write access to a majority of objects.

Low—Blue arrow downintegrity_blue. Blocks most write access to registry keys and file objects.

Medium—No icon. This is the default setting for most processes when UAC is enabled.

High—Red arrow upintegrity_red. Most processes will have this setting if UAC is disabled and the administrator is the user currently logged in.

System—Red arrow upintegrity_red. This setting is reserved for system-level components.

Protected process—Red arrow upintegrity_red. Some antimalware services use this to load trusted, signed code, and includes a built-in defense against code injection attacks.

Username

Shows the user or account name logged in when the detection was triggered. The following details are pulled from the Active Directory:

Full name

Job Position

User Department

User Description


note

To display user details, you must define the following parameters in the Active Directory:

ESET Inspect On-Prem parameter name

Attribute name

Full Name

cn

Job Position

title

User Department

division

User Description

description

Then, run a synchronization task to update.

Comments

Adds a comment.

Audit Log

Displays detection actions: Resolved, Unresolved, Commented and Priority Changed.

The process tree on the right side

The process tree reflects the parent-child relationship between processes where child processes are shown directly beneath their parent and right-indented. Processes on the left are orphans, and their parent has exited.

Process details action buttons:

Incident:

oCreate an incident report

oAdd to a current incident

oAdd to recent incident, which shows the last three incidents

oSelect incident to add to

Download file—Download the executable file for further investigation.

Kill process—Kill the process, if it is still active in the operation memory.

Submit to ESET LiveGuard—Manually submit file for ESET LiveGuard analysis.


warning

Do not Block or Kill any Windows system processes or executables, such as svchost.exe. This may cause an operating system crash.