Loaded Modules (DLLs)
This process loads the complete DLL list. You can select all DLLs on the screen or select individual ones. Mark as Safe, Mark as Unsafe, Block, Unblock, Mark as Inspected, Mark as Not inspected or click Seen On button to get the list of computers on which these DLLs were seen on by using the buttons located at the bottom of the screen.
The process tree on the right side
The process tree reflects the parent-child relationship between processes where child processes are shown directly beneath their parent and right-indented. Processes on the left are orphans, and their parent has exited.
Filtering, Tags and Table options
Use filters at the top of the screen to refine the displayed items. Tags are powerful when searching for a specific computer, detection, incident, executable or script. Click the gear icon for table options to manage the main table.
Click a loaded module to take further action:
Details |
Go to the Executable details tab. |
---|---|
Statistics |
Go to the Statistics tab. |
Detections |
Go to the Detections tab. |
Seen On |
Go to the Seen On tab. |
Sources |
Go to the Sources tab. |
Block |
Go to the Block Hashes tab. |
Unblock |
Remove hash from Blocked Hash section. |
Mark as Safe |
Mark targets in Safe state; many rules determine the risk. Mark as Safe impact detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will not be included in detections. There are several hundred rules—some raise detections regardless of which module executed the suspicious action, including trusted modules like PowerShell. Other rules evaluate risk based on the module. Such rules consider the “safe” flag. This flag means that the user analyzed the module and determined it is unlikely to be malicious, so rules assume that the risk is earlier in the evaluation. |
Mark as Unsafe |
Mark an executable as unsafe. |
Download File |
The affected DLL's download window appears. |
Tags |
Assign detection tags from the existing list or create custom tags. |
Filter |
Show quick filters on the column where you activated the context menu (Show only this, Hide this). |