Computers

Your environment structure of computers and devices managed via ESET PROTECT. The table with computer provides you with a detailed view of essential information about each machine, its status, time of the last communication and last event.

The view aims to give emphasis on the severity and unresolved detections, enabling the security team to perform computer-centric investigation. Focus on the computers with the highest rate, severity, and frequency of detections. These computers may indicate an acute need for further investigation, or a false positives to be resolved.

You can quickly perform actions, like initiate Reboot or Shutdown of the computer. A useful feature is the Terminal for PowerShell connection to any computer.

Preview panel

Click a computer name to display the preview panel on the right side. The computer preview panel contains the most important information about the select computer. Some items are interactive.

Filtering, Tags and Table options

Use filters at the top of the screen to refine the list of displayed items. Tags are also powerful when searching for a specific computer, detection, incident, executable, or script. Also you can click the gear gear_icon icon for table options to manage the main table.

 

The Computer details window consists of the following parts:

icon_more_b  Details

Click a computer to display comprehensive details.

 

icon_incidents_b  Terminal

The terminal is a nifty feature for advanced security professionals in allowing PowerShell to be invoked remotely on an endpoint without breaking the end‐user's workflow (or an attacker noticing that someone is onto him). PowerShell provides many options for detailed investigation and remediation of an endpoint without relying solely on the actions built into ESET Inspect.

 

icon_detections_b  Alerts

 

icon_detections_b  Detections

Provides the main Detections for the selected computer. Select a detection to display Detection details to view the changes, including displaying the name of the triggering Rule with a link and Rule category name, Event link, Occurred time and date, triggering process link, Command line, and information about the user to whom the detection is related.

 

icon_executables_b  Executables

This screen provides you with the same options as the main Executables tab, except the list contains only executables triggered on a specific computer.

 

icon_scripts_b  Scripts

Display the same options as the main Scripts tab, except the list contains only scripts triggered on a specific computer.

 

icon_events_load_b  Events

The Events screen shows the list of all events that occurred on this computer. To find out details about a event, select a event to open the Process details. A low-level event is something a process does. So, write a file, do a DNS lookup, create a registry entry, etc. ESET Inspect analysis low-level events to find suspicious activities and report detections.

Click a computer to take further actions:

Details

Go to the Computer details tab.

Details (Protect)

Go to the ESET PROTECT Web Console.

Detections

Go to the Detections tab.

Executables

Go to the Executables tab.

Scripts

Go to the Scripts tab.

Events

Go to the Events tab.

Scan

Sends the command to Endpoint to start an immediate scan of the computer (or use the Action button).

Network Isolation

Isolate the computer from the network (only connections between ESET Security products are available). If required, you can also End isolation (available only for Windows endpoints; File Security from 7.2.12003.0).

Connect via Terminal

Go to the Terminal tab.

Power

Sends the command to reboot or shut down the computer.

Send wake-up call

Sends the Wake-Up command to force the computer to send all events since the last connection (or use Action button).

Generate SysInspector log

Generate the SysInspector log and review it in the computer's details (or use the Action button).

Tags

Assign tag(s) to a computer from the list of existing, or create a new custom tag(s).

Audit log

Go to the Audit log tab.

Filter

Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).

Incident

Create an incident report, or add to an existing incident (currently active).

Filter the computers by the following statutes:

Alarm_Severity_Threat Threat

Detection(s) with threat severity present on this computer.

Alarm_Severity_Warning Warning

Detection(s) with warning severity present on this computer.

Alarm_Severity_Info Info

Detection(s) with info severity present on this computer.

Executables_Status_Ok OK

No detections were triggered on this computer, or all are resolved.

Executables_Status_Unmonitored Unmonitored

ESET Inspect Connector is not installed on this computer. (ESET Inspect know about this computer because the ESET PROTECT sent it from an Active Directory).