ESET Online Help


Executables

The executables table represents a repository of all the discovered executables and DLLs within the ESET Inspect-monitored network.

For each executable, granular statistics are provided, such as reputation/popularity in LiveGrid®, first seen by LiveGrid®, how many computers it was seen or executed on, and further metadata. These statistics help identify an executable’s potentially suspicious behavior.

The executables table is ESET Inspect’s most data-dense view. It offers the most powerful customization options for displaying columns and filtering. You can find details for how many detections each executable triggered and the highest severity.

You can check every executable’s details, including the information mentioned above, the executable’s origin and registry entries. This information will help you investigate based on what behavior was evaluated as malicious in the executable.

You can also drill down to aggregated/raw events to find activities violating company policy. You can take remediation action—download the executable for further investigation, add it to a block list (by hash) and kill a specific process.

Filtering, Tags and Table options

Use filters at the top of the screen to refine the displayed items. Tags are powerful when searching for a specific computer, detection, incident, executable or script. Click the gear icon for table options to manage the main table.

OS type (filter icons)

Click an icon to hide items. Filter by Operating System to see or hide the executables for Windows, macOS or Linux.

Executable type (filter icons)

Click to see only EXE or DLL files, or both simultaneously, where:

EXE = executable file

DLL = library file

Status

You can filter executables to view or hide those marked as Threat, Warning, Information or OK.

The Executables details window consists of the following parts:

Details

Click an executable to display comprehensive details.

Statistics

Lists statistical information about a specific executable or executables with the same file checksum.

Seen on—Number of computers where the executable occurred.

Executed on—Number of computers on which the executable executed.

Executions count—Total number of executions.

Sent bytes—Total number of bytes sent by the file from all computers for all processes.

Network connections—Number of network connections the file made.

File modifications—Number of files modified (written to, deleted, renamed).

Registry modifications—Number of registry entries modified.

Executable drops—Number of dropped executables.

HTTP Events—Number of HTTP events.

DNS Events—Number of DNS events.

Events/24H—Number of events within 24 hours.

Detections

Provides the same options as the main Detections, but only those triggered by this specific executable. Click a Detection to be redirected to its Detection details.

Seen on

Lists all computers where the executable or executables with the same file checksum were seen.

Sources

Lists dropped executables and additional information.

Click an executable to take further action:

Details

Go to the Executable details tab.

Statistics

Go to the Statistics tab.

Detections

Go to the Detections tab.

Seen On

Go to the Seen On tab.

Sources

Go to the Sources tab.

Block

Go to the Block Hashes tab.

Unblock

Remove the hash from the Blocked Hash section.

Mark as Safe

Mark targets as being in the Safe state. Many rules determine the risk, and Mark as Safe impacts detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will not be included in detections. There are several hundred rules—some raise detections regardless of which module executed the suspicious action, including trusted modules like PowerShell. Other rules evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module and determined it is unlikely to be malicious, so rules assume that the risk is earlier in the evaluation.

Mark as Unsafe

Mark an executable as unsafe.

Download File

The affected DLL's download window appears.

Submit to ESET LiveGuard

Manually submit a file for ESET LiveGuard analysis, available in ESET PROTECT On-Prem version 10.1 or later.

Filter events

Go to the Create event storage filter.

Tags

Assign detection tags from the existing list or create custom tags.

Audit log

Go to the Audit log tab.

Filter

Show quick filters on the column where you activated the context menu (Show only this, Hide this).


Warning

Do not Block or Kill any Windows system processes or executables, such as svchost.exe. This may cause an operating system crash.