Executable details
The following tiles show details about the executable:
•Name—The name of the executable or DLL is shown.
•Select Tags—Assign tags to a computer from the list of existing tags, or create new custom tags.
•Signature Type—Indicates whether the file is signed and how it is signed (Trusted/Valid/None/Invalid/Unknown). If the value is Present, the executable is signed, but ESET Inspect does not know the certificate's status. This is uncommon for Windows, but on macOS, a signature is never verified by Endpoint, and as a result, the only possible states are Present and None.
•Seen on—The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list.
•First Seen—When an executable was first seen on any computer in a monitored network.
•Last Executed—When an executable was last executed on any computer in a monitored network.
•Reputation (LiveGrid®)—A number from 1 to 9 indicating how safe the file is: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe.
•Popularity (LiveGrid®)—How many computers reported an executable to LiveGrid®.
•First Seen (LiveGrid®)—When an executable was first seen on any computer connected to LiveGrid®.
Popularity | On how many computers it was seen in LiveGrid® | Color | Description |
---|---|---|---|
0 | 0 | red | Not seen |
1 | 1–9 | red | Low |
2 | 10–99 | yellow | Medium |
3 | 100–999 | yellow | Medium |
4 | 1 000–9 999 | yellow | Medium |
5 | 10 000–99 999 | green | High |
6 | 100 000–999 999 | green | High |
7 | 1 000 000–9 999 999 | green | High |
8 | 10 000 000–99 999 999 | green | High |
9 | 100 000 000–999 999 999 | green | High |
10 | 1 000 000 000–9 999 999 999 | green | High |
11 | 10 000 000 000–99 999 999 999 | green | High |
•File—How many file modifications were made by this executable.
•Registry—How many registry modifications were made by this executable.
•Network—How many network connections were made by this executable.
Unresolved Detections (Unique / Total):
Threats | Detection(s) with threat severity present on this computer. |
---|---|
Warnings | Detection(s) with warning severity present on this computer. |
Informational | Detection(s) with informational severity present on this computer. |
The executable that triggered the detection. After clicking the name, you are redirected to the Executable details.
•SHA-1—Hash of the executable.
Clicking the gear icon next to the hash opens a context menu with two options:
•Open the Virus Total search page that you can define in the Settings tab.
•Copy to clipboard—Copies the hash to your clipboard for further use.
•SHA-256—If available, the 256-bit hash is shown.
•MD5—If available, the MD5 hash is shown.
•Signature Type—Indicates whether the file is signed and how it is signed (Trusted/Valid/None/Invalid/Unknown). If the value is Present, the executable is signed, but ESET Inspect does not know the certificate's status. This is uncommon for Windows, but on macOS, a signature is never verified by Endpoint, and as a result, the only possible states are Present and None.
•User Id—For macOS only. Same as the file description column for Windows.
•Signature CN #1—For macOS only. Same as the product name column for Windows.
•Signature CN #2—For macOS only. Same as the file version column for Windows.
•Signature CN #3—For macOS only. Same as the product version column for Windows.
•Signature CN #4—For macOS only. Same as the internal name column for Windows.
•Signature CN #5—For macOS only. Same as the original filename column for Windows.
•Signature Id—For macOS only. Same as the company name column for Windows.
•Whitelist type—Indicates whether an executable is whitelisted:
•Certificate—The executable is whitelisted because it is signed by the trusted certificate.
•LiveGrid®—The executable is whitelisted because the trustworthiness of the file was confirmed by ESET.
•File description—File description of the file, for example, "Keyboard Driver for AT-Style Keyboards".
•File version—Version number of the file, for example, "3.10" or "5.00.RC2".
•Company name—Company that produced the file, for example, Microsoft Corporation or Standard Micro-systems Corporation, Inc.
•Product name—The name of the product with which the file is distributed.
•Product version—Version of the product with which the file is distributed.
•Internal name—Internal name of the file, if one exists, for example, an executable name if the file is a dynamic-link library. If the file has no internal name, this string will be the original filename, without extension.
•Original file name—The original name of the file, not including a path. This information allows an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created.
•Packer name—The name of the packer, if the executable is packed.
•SFX name—Self-extracting archive type, if an executable is packed.
•File size—The size of the file on the disk.
•First seen—When the executable was first identified by ESET Inspect on any computer.
•First executed—When the executable was first executed on any computer. When clicked, you are redirected to the Process details of this executable.
•Last Executed—When an executable was last executed on any computer in a monitored network.
•Marked as safe—Marked as safe by security engineers (users of ESET Inspect Web Console). If the status is "No", you can change it with the action button.
•Blocked—Blocked by Security Engineer (user of ESET Inspect Web Console).
•Nearmiss report—Shown if the detection was triggered due to malware, but we cannot guarantee with one hundred percent certainty that it is malware.
•Note—You can add a note by clicking the blue Set note text on the right side of the window.
•Status—Expresses the result of the behavioral analysis or the absence of a result (Unknown/Clean/Suspicious/Highly suspicious/Malicious).
•State—Expresses the executable's present stage in the analysis workflow.
•Sent On—The time when the executable was sent to ESET LiveGuard.
•Last Processed On—The time when the executable was last processed.
•Behavior—The link to the behavioral report of the executable.
•Audit Log—Shows the actions that were taken on this detection. At the moment, these are Resolved, Unresolved, Commented, and Priority Changed.
•Comments—Add an optional comment to recognize the detection easily.
Action buttons:
Incident | Create an incident report, add to the currently active incident, or add to one of the last 3 incidents. |
---|---|
Block | Go to the Block Hashes tab. |
Unblock | The hash is removed from the Blocked Hash section. |
Mark as Safe | Many rules determine the risk, and Mark as Safe does have an impact on detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not necessarily guarantee that a specific module will never be included in detections. There are a few hundred rules, and some raise detections regardless of which module executed the suspicious action; for example, trusted modules such as PowerShell can execute such actions. Other rules try to evaluate risk based on the module, and these rules consider the “safe” flag. This flag means that the user analyzed the module and it is unlikely that the module is malicious, so the rules assume that the risk is lower during the evaluation. |
Mark as Unsafe | If you marked an executable as safe by mistake, you can use this to unmark it. |
Download File | The download window for the affected DLL appears. |
Submit to ESET LiveGuard | Manually submit the file to ESET LiveGuard for analysis. This feature is available in ESET PROTECT version 10.1 or later. |
Filter Events | Create an event storage filter. |
Tags | Assign tags to an executable from the list of existing tags, or create new custom tags. |
Filter | Quick filters, depending on the column where you activated the context menu (Show only this, Hide this). |