ESET Online Help


Scripts

Many recent attacks and infections use file-less malware, which works by executing scripts that deliver a malicious payload or perform other harmful activity.

ESET Inspect provides granular insight into all scripts executed within the company. It shows details about what changes were made and whether any of the scripts triggered a specific behavior-based detection.

Security engineers can see details about the Event, the entire process tree, and detailed Command line parameters (arguments), all of which are needed for a detailed forensic investigation.

Use filters and group scripts by the Command line to easily spot anomalies or potentially suspicious activities.

Visual Basic scripts and scripts for PowerShell (WScript and CScript) are supported.

Filtering, Tags and Table options

Use filters at the top of the screen to refine the list of displayed items. Tags are also powerful when searching for a specific computer, detection, incident, executable, or script. You can also click the gear icon for table options to manage the main table.

Process Groups:

Ungrouped - List of scripts sorted by Process Name (ID).

First child executable - Grouped by the first child process that is a successor of the script. Name and the process ID in Task Manager.

Parent executable - Grouped by the parent process that is an ancestor of the script. Name and the process ID in Task Manager.

Command line - Grouped by the Command line / Process Name (ID) used to execute the executable.

 

Create Exclusion

Click the process name to take further actions:

Details

Go to the Process details tab.

Detections

Go to the Detections tab with a list of detections for this specific script.

Aggregated Events

Go to the Aggregated events of this specific process.

Detections

Go to the Raw Events tab.

Raw Events

Go to the Events tab.

Loaded Modules

Sends the command to Endpoint to start an immediate scan of the computer.

Parent Process

Go to the Raw Events tab of this specific process.

First Child Process

Go to the Loaded Modules tab.

Mark as Safe

Sets the Safe state. Many rules determine the risk, and Mark as Safe does have an impact on detections. However, Mark as Safe does not necessarily guarantee that a specific module will never be included in detections. There are a few hundred rules, and some raise detections regardless of which module executed the suspicious action. For example, a popular, trusted module such as PowerShell can perform such an action. Other rules try to evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module and it is unlikely that the module is malicious, so these rules assume that the risk is lower during the evaluation.

Mark as Unsafe

If you marked an executable as safe by mistake, you can use this to unmark it.

Create Exclusion

Create an exclusion for the specified script(s).

Download Script

Opens the download window so you can retrieve the script for further investigation. Available only if the script is still available in the network.

Tags

Assign tag(s) to a process from the list of existing tags, or create new custom tag(s).

Filter

Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).