ESET Online Help

Behavioral report

In the Web Console, navigate to Submitted Files. Select the file and click Show Details > View Behavior to see the File Behavior Report. This report contains essential data about the inspected file and observed behavior from the sandbox analysis. Each sample can have multiple observed behaviors. Depending on the license type you own, you can see two different behavior report layouts and results.

Non-EDR/XDR license users

The report consists of the following:

1. Result—Final assessment of the file.

2. Advanced scanning engines—Results from the scanning layer.

3. Behavioral analysis sandbox—Results from the behavioral layer.

4. Analyzed behaviors—List of analyzed behaviors and their results.

EDR/XDR license users


Note: You can download the Behavioral report via the Download PDF button.

The report consists of the following:

1. Result—Final assessment of the file.

2. File details—Results from the scanning layer.

3. SHA-1 hash—Contains hash and a link to VirusTotal.

4. SHA-256 hash—Contains SHA-256 hash.

5. Sandbox details—Results from the behavioral layer.

6. Analyzed behaviors—List of detected behaviors and their results. You can use the Search bar to navigate through the details after analysis.


[Image: Behavioral report example]

Analyzed behaviors

Use the Search bar or view the logs based on the following:

1. Process—The tree-structured list of actions grouped by running process. You can see the file and registry changes grouped by process. The Process tab is divided into these sections:

Process—List of actions taken about processes.

File—Details about the affected files.

Registry—Details about the affected registries.

Network—List of network activities.

Other—Objects such as events, mutexes, WMI queries.

2. Operations—The list of actions based on operation type. The Operations tab is divided into these sections:

Process—List of actions taken about processes.

File—Details about the affected files.

Registry—Details about the affected registries.

Network—List of network activities.

Other—Objects such as events, mutexes, WMI queries.

Interaction—Detailed Sandbox interaction overview.

3. API Logs—Overview of the process activity through selected system functions.