Executables
The executables table represents a repository of all the discovered executables and DLLs within the ESET Inspect-monitored network.
For each executable, granular statistics are provided, such as reputation/popularity in LiveGrid®, when it was first seen by LiveGrid®, how many computers it was seen or executed on, and further metadata. These statistics help identify an executable’s potentially suspicious behavior.
The executables table is ESET Inspect’s most data-dense view. It allows the most powerful customization options for displaying columns and filtering. You can find details for how many detections each executable triggered and the highest severity.
You can check every executable’s details, including the information mentioned above, the executable’s origin and registry entries. This information will help you investigate based on what behavior was evaluated as malicious in the executable.
You can also drill down to aggregated/raw events to find activities violating company policy. You can take remediation action—download the executable for further investigation, add it to a block list (by hash) and kill a specific process.
Filtering, Tags and Table options
Use filters at the top of the screen to refine the displayed items. Tags are powerful when searching for a specific computer, detection, incident, executable or script. Click the gear icon for table options to manage the main table.
OS type (filter icons)
Click an icon to hide items. Filter by Operating System to see or hide the executables for Windows, macOS or Linux.
Executable type (filter icons)
Click to see only EXE or DLL files, or both simultaneously, where:
EXE = executable file
DLL = library file
Status
You can filter executables to view or hide those marked as Threat, Warning, Information or OK.
The Executables details window consists of the following parts:
Click an executable to display comprehensive details.
Lists statistical information about a specific executable or executables with the same file checksum.
•Seen on—Number of computers where the executable occurred.
•Executed on—Number of computers on which the executable executed.
•Executions count—Total number of executions.
•Sent bytes—Total number of bytes sent by the file from all computers for all processes.
•Network connections—Number of network connections the file made.
•File modifications—Number of files modified (written to, deleted, renamed).
•Registry modifications—Number of registry entries modified.
•Executable drops—Number of dropped executables.
•HTTP Events—Number of HTTP events.
•DNS Events—Number of DNS events.
•Events/24H—Number of events within 24 hours.
Provides the same options as the main Detections, but only those triggered by this specific executable. Click a Detection to be redirected to its Detection details.
Lists all computers where the executable or executables with the same file checksum were seen.
Lists dropped executables and additional information.
Click an executable to take further action:
Details | Go to the Executable details tab. |
---|---|
Statistics | Go to the Statistics tab. |
Detections | Go to the Detections tab. |
Seen On | Go to the Seen On tab. |
Sources | Go to the Sources tab. |
Block | Go to the Block Hashes tab. |
Unblock | Remove hash from Blocked Hash section. |
Mark as Safe | Mark targets in Safe state; many rules determine the risk. Mark as Safe impacts detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will not be included in detections. There are several hundred rules. Some raise detections regardless of which module executed the suspicious action, including trusted modules like PowerShell. Other rules evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module and determined it is unlikely to be malicious, so rules assume that the risk is earlier in the evaluation. |
Mark as Unsafe | Mark an executable as unsafe. |
Download File | The affected DLL's download window appears. |
Submit to ESET LiveGuard | Manually submit a file for ESET LiveGuard analysis, available in ESET PROTECT On-Prem version 10.1 or later. |
Filter events | Go to the Create event storage filter. |
Tags | Assign detection tags from the existing list or create custom tags. |
Audit log | Go to the Audit log tab. |
Filter | Show quick filters on the column where you activated the context menu (Show only this, Hide this). |
Do not Block or Kill any Windows system processes or executables, such as svchost.exe. This may cause an operating system crash.