ESET Online Help


Executable details

The following tiles show details about the executable:

Name—The executable or DLL’s name.

Select Tags—Assign existing tags to a computer or create custom tags.

Signature Type—The signature type, if signed: Trusted, Valid, None, Invalid or Unknown. If the value is Present, the executable is signed, but ESET Inspect cannot identify the certificate's status. This is uncommon on Windows; on macOS, Endpoint does not verify signatures, so the only states are Present or None.

Seen on—The computers where the file was discovered. Click Seen on to be redirected to the Computers view, where you can find a filtered list.

First Seen—When an executable was first seen on any computer in a monitored network.

Last Executed—When an executable was last executed on any computer in a monitored network.

Reputation (LiveGrid®)—A number from 1 to 9, indicating how safe the file is: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe.

Popularity (LiveGrid®)—How many computers reported an executable to LiveGrid®.

First Seen (LiveGrid®)—When an executable was first seen on any computer connected to LiveGrid®.

 

| Popularity | No. computers affected in LiveGrid® | Color | Description |
|---|---|---|---|
| 0 | 0 | Red | Not seen |
| 1 | 1–9 | Red | Low |
| 2 | 10–99 | Yellow | Medium |
| 3 | 100–999 | Yellow | Medium |
| 4 | 1 000–9 999 | Yellow | Medium |
| 5 | 10 000–99 999 | Green | High |
| 6 | 100 000–999 999 | Green | High |
| 7 | 1 000 000–9 999 999 | Green | High |
| 8 | 10 000 000–99 999 999 | Green | High |
| 9 | 100 000 000–999 999 999 | Green | High |
| 10 | 1 000 000 000–9 999 999 999 | Green | High |
| 11 | 10 000 000 000–99 999 999 999 | Green | High |

File—Number of file modifications the executable made.

Registry—Number of registry modifications the executable made.

Network—Number of network connections the executable made.

Unresolved Detections (Unique/Total):

Threats—Threat severity detections are present.

Warnings—Warning severity detections are present.

Informational—Informational severity detections are present.

 

SHA-1—The executable's hash.

Click the gear icon next to the hash to show the context menu, where you can find two options:

Open the Virus Total search page, which you can define in the Settings tab.

Copy to clipboard to add the hash to your clipboard.

SHA-256—Available when the 256-bit hash is present.

MD5—Available when the MD5 hash is present.

Signature Type—The signature type, if signed: Trusted, Valid, None, Invalid or Unknown. If the value is Present, the executable is signed, but ESET Inspect cannot identify the certificate's status. This is uncommon on Windows; on macOS, Endpoint does not verify signatures, so the only states are Present or None.

User Id—macOS only; same as the Windows file description column.

Signature CN #1—macOS only; same as the Windows product name column.

Signature CN #2—macOS only; same as the Windows file version column.

Signature CN #3—macOS only; same as the Windows product version column.

Signature CN #4—macOS only; same as the Windows internal name column.

Signature CN #5—macOS only; same as the Windows original filename.

Signature Id—macOS only; same as the Windows company name column.

Whitelist type—Information for whitelisted executables:

Certificate—The executable is whitelisted because it is signed by a trusted certificate.

LiveGrid®—The executable is whitelisted because ESET confirmed the file's trustworthiness.

File description—The file's full description, for example, Keyboard Driver for AT-Style Keyboards.

File version—The file’s version number, for example, "3.10" or "5.00.RC2".

Company name—Company that produced the file, for example, Microsoft Corporation.

Product name—The name of the product with which the file is distributed.

Product version—The version of the product with which the file is distributed.

Internal name—Internal filename, if assigned; for example, an executable name if the file is a dynamic-link library. If the file has no internal name, this string will be the original filename without the file extension.

Original file name—The original filename, not including a path. Allows an application to determine whether a user has renamed a file. The name format depends on the file system for which the file was created.

Packer name—The packer’s name, if applicable.

SFX name—Self-extracting archive type on a packed executable.

File size—The file size on the disk.

First seen—When the executable was first identified by ESET Inspect on any computer.

First executed—When the executable was first executed on any computer. Click to be redirected to the executable’s Process details.

Last Executed—When an executable was last executed on any computer in a monitored network.

Marked as safe—Marked as safe by users of ESET Inspect Web Console. If the status is "No," use the action button to change it.

Blocked—Blocked by users of ESET Inspect Web Console.

Nearmiss report—If the detection is triggered by malware, but we cannot guarantee it is malware.

Note—A text field for adding notes. Click the Set note blue string on the window's right side.

Status—The behavioral analysis result or the absence of a result (Unknown/Clean/Suspicious/Highly suspicious/Malicious).

State—The executable's current stage in the analysis workflow.

Sent On—The time when the executable was sent to ESET LiveGuard.

Last Processed On—The time when the executable was last processed.

Behavior—The link to the executable’s behavioral report.

Audit Log—Actions taken on this detection; currently: Resolved, Unresolved, Commented and Priority Changed.

Comments—Add a comment.

 

Action buttons:

Incident

o Create an incident report
o Add to a current incident
o Add to recent incident, which shows the last three incidents
o Select incident to add to

Block

Go to the Block Hashes tab.

Unblock

Remove the hash from the Blocked Hash section.

Mark as Safe

Mark targets as being in the Safe state; many rules determine the risk. Mark as Safe impacts detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will not be included in detections. There are several hundred rules; some raise detections regardless of which module executed the suspicious action, including trusted modules like PowerShell. Other rules evaluate risk based on the module, and such rules consider the “safe” flag. This flag means that the user analyzed the module and determined it is unlikely to be malicious, so rules assume that the risk is earlier in the evaluation.

Mark as Unsafe

Mark an executable as unsafe.

Download File

The affected DLL's download window appears.

Submit to ESET LiveGuard

Manually submit a file for ESET LiveGuard analysis, available in ESET PROTECT On-Prem version 10.1 or later.

Filter Events

Create an event storage filter.

Tags

Assign detection tags from the existing list or create custom tags.

Filter

Show quick filters on the column where you activated the context menu (Show only this, Hide this).