Executable details
The following tiles show details about the executable:
•Name—The executable or DLL’s name.
•Select Tags—Assign existing tags to a computer or create custom tags.
•Signature Type—The signature type, if signed: Trusted, Valid, None, Invalid or Unknown. If the value is Present, the executable is signed, but ESET Inspect On-Prem cannot identify the certificate's status. This is uncommon on Windows; on macOS, Endpoint does not verify signatures, and the only states are Present or None.
•Seen on—The computers where the file was discovered. Click Seen on to be redirected to the Computers view, where you can find a filtered list.
•First Seen—When an executable was first seen on any computer in a monitored network.
•Last Executed—When an executable was last executed on any computer in a monitored network.
•Reputation (LiveGrid®)—A number from 1 to 9, indicating how safe the file is: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe.
•Popularity (LiveGrid®)—How many computers reported an executable to LiveGrid®.
•First Seen (LiveGrid®)—When an executable was first seen on any computer connected to LiveGrid®.
Popularity | No. computers affected in LiveGrid® | Color | Description |
---|---|---|---|
0 | 0 | Red | Not seen |
1 | 1–9 | Red | Low |
2 | 10–99 | Yellow | Medium |
3 | 100–999 | Yellow | Medium |
4 | 1 000–9 999 | Yellow | Medium |
5 | 10 000–99 999 | Green | High |
6 | 100 000–999 999 | Green | High |
7 | 1 000 000–9 999 999 | Green | High |
8 | 10 000 000–99 999 999 | Green | High |
9 | 100 000 000–999 999 999 | Green | High |
10 | 1 000 000 000–9 999 999 999 | Green | High |
11 | 10 000 000 000–99 999 999 999 | Green | High |
•File—Number of file modifications the executable made.
•Registry—Number of registry modifications the executable made.
•Network—Number of network connections the executable made.
Unresolved Detections
Threats | Threat severity detections are present. |
---|---|
Warnings | Warning severity detections are present. |
Informational | Informational severity detections are present. |
•SHA-1—The executable's hash.
Click the gear icon next to the hash to show the context menu, where you can find two options:
•Open the Virus Total search page, which you can define in the Settings tab.
•Copy to clipboard to add the hash to your clipboard.
•SHA-256—Available when the 256-bit hash is present.
•MD5—Available when the MD5 hash is present.
•Signature Type—The signature type, if signed: Trusted, Valid, None, Invalid or Unknown. If the value is Present, the executable is signed, but ESET Inspect On-Prem cannot identify the certificate's status. This is uncommon on Windows; on macOS, Endpoint does not verify signatures, and the only states are Present or None.
•User Id—macOS only; same as the Windows file description column.
•Signature CN #1—macOS only; same as the Windows product name column.
•Signature CN #2—macOS only; same as the Windows file version column.
•Signature CN #3—macOS only; same as the Windows product version column.
•Signature CN #4—macOS only; same as the Windows internal name column.
•Signature CN #5—macOS only; same as the Windows original filename.
•Signature Id—macOS only; same as the Windows company name column.
•Whitelist type—Information for whitelisted executables:
•Certificate—The executable is whitelisted because it is signed by a trusted certificate.
•LiveGrid®—The executable is whitelisted because ESET confirmed the file's trustworthiness.
•File description—The file's full description, for example, Keyboard Driver for AT-Style Keyboards.
•File version—The file’s version number, for example, "3.10" or "5.00.RC2".
•Company name—Company that produced the file, for example, Microsoft Corporation.
•Product name—The name of the product with which the file is distributed.
•Product version—The version of the product with which the file is distributed.
•Internal name—Internal filename, if assigned; for example, an executable name if the file is a dynamic-link library. If the file has no internal name, this string will be the original filename without the file extension.
•Original file name—The original filename, not including a path. Allows an application to determine whether a user has renamed a file. The name format depends on the file system for which the file was created.
•Packer name—The packer’s name, if applicable.
•SFX name—Self-extracting archive type on a packed executable.
•File size—The file size on the disk.
•First seen—When the executable was first identified by ESET Inspect On-Prem on any computer.
•First executed—When the executable was first executed on any computer. Click to be redirected to the executable’s Process details.
•Last Executed—When an executable was last executed on any computer in a monitored network.
•Marked as safe—Marked as safe by users of ESET Inspect Web Console. If the status is "No," use the action button to change.
•Blocked—Blocked by users of ESET Inspect Web Console.
•Nearmiss report—Set when the detection is triggered by malware, but we cannot guarantee it is malware.
•Note—A text field for adding notes. Click the blue Set note link on the right side of the window.
•Status—The behavioral analysis result or the absence of a result (Unknown/Clean/Suspicious/Highly suspicious/Malicious).
•State—The executable's current stage in the analysis workflow.
•Sent On—The time when the executable was sent to ESET LiveGuard.
•Last Processed On—The time when the executable was last processed.
•Behavior—The link to the executable’s behavioral report.
•Audit Log—Actions taken on this detection; currently: Resolved, Unresolved, Commented and Priority Changed.
•Comments—Add a comment.
Action buttons:
Incident | Create an incident report; Add to a current incident; Add to recent incident, which shows the last three incidents; Select incident to add to |
---|---|
Block | Go to the Block Hashes tab. |
Unblock | Remove hash from Blocked Hash section. |
Mark as Safe | Mark targets in Safe state; many rules determine the risk. Mark as Safe impacts detections. Select the targets you want to mark as safe from the target window. Mark as Safe does not guarantee that a specific module will not be included in detections. There are several hundred rules. Some raise detections regardless of which module executed the suspicious action, including trusted modules like PowerShell. Other rules evaluate risk based on the module, and such rules consider the “safe” flag. This flag means that the user analyzed the module and determined it is unlikely to be malicious, so rules assume that the risk is earlier in the evaluation. |
Mark as Unsafe | Mark an executable as unsafe. |
Download File | The affected DLL's download window appears. |
Submit to ESET LiveGuard | Manually submit a file for ESET LiveGuard analysis, available in ESET PROTECT On-Prem version 10.1 or later. |
Filter Events | Create an event storage filter. |
Tags | Assign detection tags from the existing list or create custom tags. |
Filter | Show quick filters on the column where you activated the context menu (Show only this, Hide this). |