ProcessInfo
Return information about the current process.
Property |
Type |
Description |
Example |
|---|---|---|---|
CaseSensitiveCommandLine |
String |
Allows creating rules for command line that is case sensitive |
|
CommandLine |
String |
Process command line |
file.txt |
CommandLineLength |
Int |
Length of the command line |
123 |
Compromised |
Bool |
The process was marked as compromised by a rule with MarkAsCompromised action |
true/false or 1/0 |
IntegrityLevel |
Integrity level of the process |
Possible values are: •0—Untrusted •4096—Low •8192—Medium •12288—High •16384—System •20480—Protected process |
|
LnkPath |
String |
Contains a path to a shortcut execution |
|
ProcessDistance |
Int |
The distance of the process from the current process |
123 |
ProcessLevel |
Int |
Depth of the process in process hierarchy |
123 |
ProcessOwner |
String |
The user that created the process |
|
RiskScore |
Int |
Score is tracked for each process on the Endpoint. You can use actions IncreaseParentRiskScore or IncreaseRiskScore to increase the value by set amount. When risk score threshold is reached, KillParentProcess or KillProcess action is triggered. You can specify risk score threshold via Policy > ESET Inspect Connector > Advanced settings. The risk score resets after a certain period of time, by default 6 hours. |
1000 |
SentBytes |
Int |
Total number of bytes sent by the process. |
|
Supported operations
•CodeInjection
•CreateProcess
•LoadDLL