ESET Online Help

Search
Select the category
Select the topic

Search

Use search when looking for any object. Basic search enables you to search wit pre-defined parameters. Advanced events search is fully customizable using the expression.

Basic Search

Available parameter combinations for the basic search:

1.Object Type—Select a category (Detections, Computers, Events, Executables and Processes).

2.Related objects (optional)—Select if you want to narrow down the search result.

3.Attributes—Select from the available attributes.

4.Type your query (value), press Enter, and click Search.

The list of available attributes:

Rule Name—Search by the name of the rule.

Note—Search by the name of the note that was made in Detections, Executables and Processes.

Comment—Search by the comment that was made in Detection, Executables, Computers and Processes.

Description—Search by the description of the computer, taken from ESET PROTECT.

Name—Search by the name of the computer, executable or process.

IP Address—Search by the IP address of the computer.

MAC Address—Search by the MAC address of the computer.

Argument—Search by event argument, depending on the event type it can be a patch, filename, directory name, IP address.

SHA-1—Search by the SHA-1 of the executable.

SHA-256—Search by the SHA-256 of the executable.

MD5—Search by the MD5 of the executable.

Version Info—Search by the module version info (file description, internal filename, original filename, company name, file version, product version).

Signer—Search by the signer of the executable.

Origins—Search by the origin of the executable.

Dropper SHA-1—Search by the SHA-1 of the dropper.

Command Line—Search by the command line of the process.

Advanced Event Search

Enables you to define complex criteria to filter out events. Choose the object type Computers, Executables or Events.

Customize the expression according to your needs. Refer to the Rules Guide for details.

Search result

The search result table is refreshed automatically when the search is running. The view of the search results is based on object type, in case of two parameter search, on object type and related object type in case of three parameter search.

Click a search result to take further actions:

Details—Redirects you to the relevant section depending on the Object type.

Start—Starts selected search results.

Pause—Pause selected search results.

Duplicate query—Duplicates selected search result.

Delete—Deletes selected search results.

Rename—Enables you to rename the search result for better distinguish.

Tags—Used to tag the search. After choosing this option, new window for tag edition opens. in the Select field, you can type new tag or select already existing one.

Filter—Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).