Behavioral report
In the Web Console, navigate to Submitted Files. Select the file and click Show Details > View Behavior to see the File Behavior Report. This report contains essential data about the inspected file and the behavior observed during sandbox analysis. Each sample can have multiple observed behaviors. Depending on your license type, you see one of two different behavior report layouts and results.
Non-EDR/XDR license users
The report consists of the following:
1. Result—Final assessment of the file.
2. Advanced scanning engines—Results from the scanning layer.
3. Behavioral analysis sandbox—Results from the behavioral layer.
4. Analyzed behaviors—List of analyzed behaviors and their results.
EDR/XDR license users
You can download the Behavioral report via the Download PDF button.
The report consists of the following:
1. Result—Final assessment of the file.
2. File details—Results from the scanning layer.
3. SHA-1 hash—Contains hash and a link to VirusTotal.
4. SHA-256 hash—Contains SHA-256 hash.
5. Sandbox details—Results from the behavioral layer.
6. Analyzed behaviors—List of detected behaviors and their results. You can use the Search bar to navigate through the details after analysis.
Behavioral report example
Analyzed behaviors
Use the Search bar or view the logs based on the following:
1. Process—The tree-structured list of actions grouped based on running processes. You can see the files and registry changes grouped by process. The Process tab is divided into these sections:
   • Process—List of actions taken about processes.
   • File—Details about the affected files.
   • Registry—Details about the affected registries.
   • Network—List of network activities.
   • Other—Objects such as events, mutex, WMI queries.
2. Operations—The list of actions based on operation type. The Operations tab is divided into these sections:
   • Process—List of actions taken about processes.
   • File—Details about the affected files.
   • Registry—Details about the affected registries.
   • Network—List of network activities.
   • Other—Objects such as events, mutex, WMI queries.
   • Interaction—Detailed Sandbox interaction overview.
3. API Logs—Overview of the process activity through selected system functions.