ESET Online Help


Raw Events

Click a process name to open that process's Process details. To view the event in Computer events, right-click the raw event’s name and click Show in Computer's Events. Use the filters at the top of the screen to refine the list of displayed items. Click Show Sub-Process Events to show the child process events.

The process tree on the right side

The process tree reflects the parent-child relationships between processes: each child process is shown directly beneath its parent and indented to the right. Processes on the left are orphans; their parent has exited.


Important

Earlier Windows versions do not produce WMI events. This functionality became available in Windows 10 version 1803.

Some events record partial information:

File write events—The first file change (per process: if two processes change the same file, both changes are recorded).

Registry related events—The first registry key change (first time by a process).

DLLLoad—DLLs that are not whitelisted by AV.

TcpIp events—The first connection (first time by a process).

Http events—The first request (first time by a process).

ModuleDrop (a.k.a. PEDrop)—The first drop of a given module (first time on a computer).

AmsiTriggerEvent—The first execution (first time on a computer).
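A small model of the first-occurrence rules listed above, added here as an illustration and not ESET code: it replays a constructed activity list and returns which items would still appear as raw events. The field names, the `proc` identifier, and the choice of the event target as the deduplicated item are assumptions.

```python
# Added illustration (not ESET code): which constructed activity items would
# remain visible as raw events under the first-occurrence rules listed above.
# ASSUMPTIONS: field names, "proc" as a unique process identifier, and the
# event target (path, key, endpoint, URL, module) as the deduplicated item.
FIRST_SEEN_SCOPE = {
    "FileWrite": "process",
    "Registry": "process",
    "TcpIp": "process",
    "Http": "process",
    "ModuleDrop": "computer",
    "AmsiTriggerEvent": "computer",
}

def recorded_indexes(activity):
    """Return indexes of the activity items recorded under this model."""
    seen, kept = set(), []
    for i, ev in enumerate(activity):
        etype = ev["type"]
        if etype == "DLLLoad":
            # Filtered by allowlist status rather than by first occurrence.
            if not ev.get("whitelisted", False):
                kept.append(i)
            continue
        scope = FIRST_SEEN_SCOPE.get(etype)
        if scope is None:
            kept.append(i)  # assumed: types not in the list are not reduced
            continue
        owner = ev["proc"] if scope == "process" else None
        key = (ev["computer"], etype, owner, ev["target"])
        if key not in seen:
            seen.add(key)
            kept.append(i)
    return kept

# Constructed sample activity, in time order.
SAMPLE = [
    {"computer": "ws01", "proc": "p1", "type": "FileWrite", "target": r"C:\Temp\a.txt"},
    {"computer": "ws01", "proc": "p1", "type": "FileWrite", "target": r"C:\Temp\a.txt"},
    {"computer": "ws01", "proc": "p2", "type": "FileWrite", "target": r"C:\Temp\a.txt"},
    {"computer": "ws01", "proc": "p1", "type": "ModuleDrop", "target": "tool.exe"},
    {"computer": "ws01", "proc": "p2", "type": "ModuleDrop", "target": "tool.exe"},
    {"computer": "ws02", "proc": "p9", "type": "ModuleDrop", "target": "tool.exe"},
    {"computer": "ws01", "proc": "p1", "type": "DLLLoad", "target": "kernel32.dll", "whitelisted": True},
    {"computer": "ws01", "proc": "p1", "type": "DLLLoad", "target": "x.dll", "whitelisted": False},
]

if __name__ == "__main__":
    for i in recorded_indexes(SAMPLE):
        print(i, SAMPLE[i]["type"], SAMPLE[i]["target"])
```

Items 1, 4 and 6 of the sample are not recorded in this model, so a search of raw events cannot be used to count repeated writes by one process or repeated drops of the same module on one computer.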

Use action buttons to limit the view of the listed processes.