ESET Online Help


Executables

The executables table represents an entire repository of all of the discovered executables (and DLLs) within the network monitored by ESET Inspect.

For each executable, granular statistics are provided, such as its reputation/popularity in LiveGrid®, when it was first seen by LiveGrid®, and on how many computers it was seen or executed. The table also shows how many file operations it performed, the network connections it established, what modifications it made, and further metadata that helps identify potentially suspicious behavior of any executable.

This is the most data-dense view in ESET Inspect, and it offers the most powerful customization options for displayed columns and filtering. You can see how many detections each executable triggered and what the highest severity of a triggered detection was.

You can check the details of every executable, including the statistical data mentioned above, the detections the executable triggered, the origin of the executable, and registry entries. This information helps you investigate which behavior caused the executable to be evaluated as malicious.

You can also drill down to aggregated/raw events and examine them for any activity that might violate company policy. It is also possible to perform remediation actions: download the executable for further investigation, add it to a block list (by hash), and kill a specific process.

Filtering, Tags and Table options

Use the filters at the top of the screen to refine the list of displayed items. Tags are also powerful when searching for a specific computer, detection, incident, executable, or script. You can also click the gear icon for table options to manage the main table.

OS type (filter icons)

Click an icon to hide items. Filter by operating system platform to see or hide the executables for Windows, macOS or Linux.

Executable type (filter icons)

Click to see only EXE or DLL files, or both simultaneously, where:

EXE = executable file

DLL = library file

Status

You can filter executables to see or hide executables marked as Threat, Warning, Information, or OK.

 

The Executables details window consists of the following parts:

Details

Click the name of the executable to display comprehensive details.

Statistics

Statistical information about a specific executable, or executables with the same file checksum, is listed here.

Seen on—Number of computers on which the executable occurred.

Executed on—Number of computers on which the executable executed.

Executions count—Total number of executions of the executable.

Sent bytes—Total number of bytes sent by the file, from all computers, for all processes.

Network connections—Number of network connections made by the file.

File modifications—Number of files that were modified (written to, deleted, renamed).

Registry modifications—Number of registry entries that were modified.

Executable drops—Number of executables dropped by this executable.

HTTP Events—Number of HTTP events made by this executable.

DNS Events—Number of DNS events made by this executable.

Events/24H—Number of events made by this executable within 24 hours.

Detections

This tab provides the same options as the main Detections view, but lists only detections triggered by this specific executable. After clicking a detection, you are redirected to its Detection details.

Seen on

List of all computers on which the executable, or executables with the same file checksum, were seen.

Sources

List of dropped executables and additional information.

Click an executable name to take further actions:

Details

Go to the Executable details tab.

Statistics

Go to the Statistics tab.

Detections

Go to the Detections tab.

Seen On

Go to the Seen On tab.

Sources

Go to the Sources tab.

Block

Go to the Block Hashes tab.

Unblock

The hash is removed from the Blocked Hash section.

Mark as Safe

Marks the executable as safe. Many rules determine the risk, and Mark as Safe does have an impact on detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will never be included in detections. There are a few hundred rules, and some raise detections regardless of which module executed the suspicious action. A common example is a trusted module such as PowerShell performing the suspicious action. Other rules try to evaluate risk based on the module, and such rules consider the “safe” flag. This flag means that the user analyzed the module and it is unlikely that the module is malicious, so these rules assume that the risk is lower during the evaluation.

Mark as Unsafe

If you marked an executable as safe by mistake, use this option to unmark it.

Download File

The download window for the affected DLL appears.

Submit to ESET LiveGuard

Manually submit the file to ESET LiveGuard for analysis. This feature is available in ESET PROTECT version 10.1 and later.

Filter events

Go to the Create event storage filter.

Tags

Assign tags to an executable from the list of existing tags, or create new custom tags.

Audit log

Go to the Audit log tab.

Filter

Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).


Warning

Do not Block or Kill any Windows system process or file (for example, svchost.exe). Doing so may cause the operating system to crash.