ESET Inspect On-Prem

ESET Inspect On-Prem – Table of Contents

ClientProcessInfo

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

ClientProcessInfo is available only in combination with the WmiExecution, WmiQuery and CodeInjection operations, which have a client process. A client process is a process that actually executed a WMI method.

Property	Type	Description	Example
CaseSensitiveCommandLine	String	Allows creating rules for command line that is case sensitive
CommandLine	String	Process command line	file.txt
CommandLineLength	Int	Length of the command line	123
Compromised	Bool	The process was marked as compromised by a rule with MarkAsCompromised action	true/false or 1/0
IntegrityLevel	Symbol	Integrity level of the process	Possible values are: •0—Untrusted •4096—Low •8192—Medium •12288—High •16384—System •20480—Protected process
LnkPath	String	Contains a path to a shortcut execution
ProcessDistance	Int	The distance of the process from the current process	123
ProcessLevel	Int	Depth of the process in process hierarchy	123
ProcessOwner	String	The user that created the process

Supported operations

•Codeinjection

•WmiExecution

•WmiQuery

˄˅