Executable details

There are the following tiles with details about the executable:

Name - The name of the executable or DLL is shown.

Select Tags -  Assign tag(s) to a computer from the list of existing, or create a new custom tag(s).

Signature Type - Information whether the file is signed or not and how it is signed (Trusted/Valid/None/Invalid/Unknown).

Signer Name - If the file is signed, here you can see the signer of the file.

Seen on - The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list.

First Seen - When an executable was first seen on any computer in a monitored network.

Last Executed - When an executable was last executed on any computer in a monitored network.

Reputation (LiveGrid®) - Is a number from 1 to 9, indicating how safe the file is. 1-2 Red is malicious, 3-7 Yellow is suspicious, 8-9 Green is safe.

Popularity (LiveGrid®) - How many computers reported an executable to LiveGrid®.

First Seen (LiveGrid®) - When an executable was first seen on any computer connected to LiveGrid®.

 

Popularity

On how many computers it was seen in LiveGrid®

Color

Description

0

0

red

Not seen

1

1 - 9

red

Low

2

10 - 99

yellow

Medium

3

100 - 999

yellow

Medium

4

1 000 - 9 999

yellow

Medium

5

10 000 - 99 999

green

High

6

100 000 - 999 999

green

High

7

1 000 000 - 9 999 999

green

High

8

10 000 000 - 99 999 999

green

High

9

100 000 000 - 999 999 999

green

High

10

1 000 000 000 - 9 999 999 999

green

High

11

10 000 000 000 - 99 999 999 999

green

High

 

File - How many file modifications were made by this executable.

Registry - How many registry modifications were made by this executable.

Network - How many network connections were made by this executable.

 

Unresolved Detections (Unique / Total):

Alarm_Severity_Threat Threats

Detection(s) with threat severity present on this computer.

Alarm_Severity_Warning Warning

Detection(s) with warning severity present on this computer.

Alarm_Severity_Info Info

Detection(s) with info severity present on this computer.

The executable that triggered the detection. After clicking the name, you are redirected to the Executable details.

SHA-1 - Hash of the executable.

By clicking the down arrow next to the hash, the context menu shows up, where you can use two options:

Open the Virus Total search page that you can define in the Settings.

Copy to clipboard - The hash to your clipboard for further use.

SHA-256 - If available the 256 bit hash is present.

MD5 - if available the MD5 hash is present.

Signature Type - Information whether the file is signed or not and how it is signed (Trusted/Valid/None/Invalid/Unknown).

Signer Name - If the file is signed, here you can see the signer of the file.

User Id - For macOS only. Same as file description column for windows.

Signature Id - For macOS only. Same as company name column for windows.

Signature CN #1 - For macOS only. Same as product name column for windows.

Signature CN #2 - For macOS only. Same as file version column for windows.

Signature CN #3 - For macOS only. Same as product version column for windows.

Signature CN #4 - For macOS only. Same as internal name column for windows.

Signature CN #5 - For macOS only. Same as original file name column for windows.

Whitelist type - Information if an executable is whitelisted:

Certificate - The executable is whitelisted because it is signed by the trusted certificate.

LiveGrid® - The executable is whitelisted because the trustworthiness of the file was confirmed by ESET.

File description - File description of the file, for example, "Keyboard Driver for AT-Style Keyboards".

File version - Version number of the file, for example, "3.10" or "5.00.RC2".

Company name - Company that produced the file, Microsoft Corporation or Standard Micro-systems Corporation, Inc.

Product name - The name of the product with which the file is distributed.

Product version - Version of the product with which the file is distributed.

Internal name - Internal name of the file, if one exists, for example, an executable name if the file is a dynamic-link library. If the file has no internal name, this string will be the original file name, without extension.

Original file name - The original name of the file, not including a path. This information allows an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created

Packer name - The name of packer if a executable is packed.

SFX name - Self-extracting archive type, if an executable is packed.

File size - The size of the file on the disk.

First seen - When was executable first identified by ESET Inspect on any computer.

First executed - When was executable first executed on any computer. When clicked you are redirected to the Process details of this executable.

Last executed - When was executable executed last time on any computer.

Inspected - If the executable is marked as inspected by the user.

Marked as safe - Marked as safe by security engineers (users of ESET Inspect Web Console). If the status is "No" you can change with the action button.

Blocked - Blocked by Security Engineer (user of ESET Inspect Web Console).

Nearmiss report - If the detection triggered due to malware, but we can't hundred percent guarantee it is a malware.

Note - You can add the note by clicking the Set note blue string on the right side of the window.

Audit Log - You see actions that were taken on this detection. At the moment, Resolved, Unresolved, Commented, and Priority Changed.

Comments - Add an optional comment to recognize the detection easily.

 

Action buttons:

Incident

Create an incident report, or add to an existing incident (currently active).

Mark as Safe

Safe state, many rules determine the risk. Mark as Safe does have an impact on detections. Mark as Safe does not necessarily guarantee that a specific module will never be included in detections. There are a few hundred rules, and some raise detections, regardless of which module executed the suspicious action. For example, a popular instance, trusted modules such as PowerShell, can do it. Other rules try to evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module, and it is unlikely that the module is malicious, so rules assume that the risk is earlier during the evaluation.

Mark as Unsafe

If you marked as safe some executable by mistake, you could use this to unmark it.

Block

Go to the Block hashes tab.

Unblock

Hash from Blocked hash section is removed.

Mark as Inspected

Does not have an impact on detections. The module can be marked this way if the Security Admin / Reviewer checks them, knows the module's source and what it does, is still unsure whether the module is safe.

Mark as Uninspected

Will mark the executable as uninspected by the logged user.

Download File

The download window for the affected DLL appears.

Filter Events

Create event storage filter.

Tags

Assign tag(s) to an executable from the list of existing, or create a new custom tag(s).

Filter

Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).