Scripts
Many recent attacks and infections are performed with file-less malware, where the harm is done by executing scripts that deliver a malicious payload or perform other harmful activity.
ESET Inspect provides granular insight into all scripts executed within the company. It shows what changes each script made and whether any script triggered a specific behavior-based detection.
Security engineers can see details about the event, the entire process tree, and the full command line parameters (arguments). All of that is needed for a detailed forensic investigation.
Use filters and group scripts by the Command line to easily spot anomalies or potentially suspicious activities.
Visual Basic scripts and scripts for PowerShell (WScript and CScript) are supported.
Filtering, Tags and Table options
Use the filters at the top of the screen to refine the list of displayed items. Tags are also powerful when searching for a specific computer, detection, incident, executable, or script. You can also click the gear icon to open the table options and manage the main table.
Process Groups
•Ungrouped—List of scripts sorted by Process Name (ID).
•First child executable—Grouped by the first child process that is a successor of the script, shown as the name and the process ID as in Task Manager.
•Parent executable—Grouped by the parent process that is an ancestor of the script, shown as the name and the process ID as in Task Manager.
•Command line—Grouped by the Command line / Process Name (ID) used to execute the executable.
Create Exclusion
Enables you to create an exclusion for a specified script(s). In the Basics section, type basic information about the task, such as an Exclusion Name and an optional Note for a more in-depth description of the exclusion. Click Continue to configure the task settings.
Criteria
You can use the pre-defined criteria:
•Process name is one of—Type the names of the processes to which you want to apply the exclusion.
•Cmd. line contains—Type in the process parameters if you want to exclude by parameters.
•User is one of—Type in the names of all users to whom you want to apply the exclusion.
Targets
Click Assign to select the computers or groups where you want this exclusion to apply and click OK.
Summary
Review the summary of the configured settings in the Exclusion preview. Verify all the settings for this exclusion and click Create exclusion.
After creating the exclusion, you are redirected to Exclusions in the More tab.
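The following is an added example, not part of the ESET Inspect documentation or product code. It models two things described above: the Command line process group used to spot rare command lines, and the three pre-defined exclusion criteria (Process name is one of, Cmd. line contains, User is one of). The ScriptEvent fields, the sample events and the rule that at least one criterion must be set are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ScriptEvent:
    """One script execution as the Scripts view lists it (field names are assumptions)."""
    process: str   # interpreter process name
    cmdline: str   # full command line with arguments
    user: str      # user account that ran the script
    parent: str    # parent executable


# Constructed sample events for the example, not real telemetry.
EVENTS = [
    ScriptEvent("powershell.exe", r"powershell.exe -File C:\Scripts\backup.ps1", r"CORP\svc-backup", "taskeng.exe"),
    ScriptEvent("powershell.exe", r"powershell.exe -File C:\Scripts\backup.ps1", r"CORP\svc-backup", "taskeng.exe"),
    ScriptEvent("powershell.exe", r"powershell.exe -File C:\Scripts\backup.ps1", r"CORP\svc-backup", "taskeng.exe"),
    ScriptEvent("wscript.exe", r"wscript.exe //B C:\Users\jdoe\AppData\Local\Temp\invoice.vbs", r"CORP\jdoe", "winword.exe"),
    ScriptEvent("powershell.exe", r"powershell.exe -File C:\Users\jdoe\AppData\Local\Temp\update.ps1", r"CORP\jdoe", "winword.exe"),
]


def group_by_cmdline(events):
    """The 'Command line' process group: executions counted per command line."""
    return Counter(e.cmdline for e in events)


def rare_cmdlines(events, max_count=1):
    """Command lines seen at most max_count times; frequent ones are usually routine jobs."""
    return sorted(c for c, n in group_by_cmdline(events).items() if n <= max_count)


def matches_exclusion(event, process_names=(), cmdline_contains="", users=()):
    """Evaluate the three pre-defined criteria; every criterion that is set must match."""
    if not (process_names or cmdline_contains or users):
        raise ValueError("an exclusion needs at least one criterion")  # assumption
    if process_names and event.process.lower() not in {p.lower() for p in process_names}:
        return False
    if cmdline_contains and cmdline_contains.lower() not in event.cmdline.lower():
        return False
    if users and event.user.lower() not in {u.lower() for u in users}:
        return False
    return True


def apply_exclusion(events, **criteria):
    """Return the events that stay visible after the exclusion is applied."""
    return [e for e in events if not matches_exclusion(e, **criteria)]
```

Excluding the scheduled backup job by all three criteria leaves only the two Office-spawned scripts, which is the kind of anomaly the Command line grouping is meant to surface.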
Click the process name to take further actions:

| Action | Description |
|---|---|
| Details | Go to the Process details tab. |
| Aggregated Events | Go to the Aggregated events of this specific process. |
| Detections | Go to the Detections tab with a list of detections for this specific script. |
| Raw Events | Go to the Raw Events tab of this specific process. |
| Loaded Modules | Go to the Loaded Modules tab. |
| Parent Process | Go to the parent process details tab of this specific process. |
| First Child Process | Go to the first child process details tab of this specific process, if available. |
| Mark as Safe | Many rules determine the risk of a module, and Mark as Safe does have an impact on detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not necessarily guarantee that a specific module will never be included in detections: there are a few hundred rules, and some raise detections regardless of which module executed the suspicious action (trusted modules such as PowerShell, for example, can perform such actions). Other rules evaluate the risk based on the module, and those rules consider the "safe" flag. The flag means that a user analyzed the module and considers it unlikely to be malicious, so such rules take that into account when evaluating the risk. |
| Mark as Unsafe | If you marked an executable as safe by mistake, use this to unmark it. |
| Create Exclusion | Create an exclusion for a specified script(s). |
| Download Script | Opens the download window for the script for further investigation. Only available if the script is still present in the network. |
| Tags | Assign tag(s) to a process from the list of existing tags, or create new custom tag(s). |
| Filter | Quick filters, depending on the column where you activated the context menu (Show only this, Hide this). |