Loaded Modules (DLLs)

The list of all DLLs loaded by this process. You can select all DLLs available on the screen or select individual one and Mark as Safe, Mark as Unsafe, Block, Unblock, Mark as Inspected, Mark as Uninspected them, or click Seen On button to get the list of computers on which these DLLs were seen on by using the buttons located at the bottom of the screen.

The process tree on the right side - The process tree reflects the parent-child relationship between processes where child processes are shown directly beneath their parent and right-indented. Processes that are on the left are orphans.

Filtering, Tags and Table options

Use filters at the top of the screen to refine the list of displayed items. Tags are also powerful when searching for a specific computer, detection, incident, executable, or script. Also you can click the gear gear_icon icon for table options to manage the main table.

Click load modules to take further actions:

Details

Go to the Executable details tab.

Detections

Go to the Detections tab.

Statistics

Go to the Statistics tab.

Seen On

Go to the Seen On tab.

Sources

Go to the Sources tab.

Mark as Safe

Safe state, many rules determine the risk. Mark as Safe does have an impact on detections. Mark as Safe does not necessarily guarantee that a specific module will never be included in detections. There are a few hundred rules, and some raise detections, regardless of which module executed the suspicious action. For example, a popular instance, trusted modules as PowerShell, can do it. Other rules try to evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module, and it is unlikely that the module is malicious, so rules assume that the risk is earlier during the evaluation.

Mark as Unsafe

If you marked as safe some executable by mistake, you could use this to unmark it.

Block

Go to the Block Hashes tab.

Unblock

Hash from Blocked Hash section is removed.

Mark as Inspected

Does not have an impact on detections. The module can be marked this way if the Security Admin / Reviewer checks them, knows the module's source and what it does, is still unsure whether the module is safe.

Mark as Uninspected

Will mark the executable as uninspected by the logged user.

Download File

The download window for the affected DLL appears.

Tags

Assign tag(s) to a computer from the list of existing, or create a new custom tag(s).

Filter

Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).