ESET Online Help

Search English
Select the topic

Behavioral report

In the Web Console, navigate to Submitted Files. Select the file and click Show Details > View Behavior to see the File Behavior Report. This report contains essential data about the inspected file and observed behavior from the sandbox analysis. Each sample can have multiple observed behaviors. Depending on the license type you own, you can see two different behavior report layouts and results.

Non-EDR/XDR license users

The report consists of the following:

1.Result—Final assessment of the file.

2.Advanced scanning engines—Results from the scanning layer.

3.Behavioral analysis sandbox—Results from the behavioral layer.

4.Analyzed behaviors—List of analyzed behaviors and their results.

behaviors_old

EDR/XDR license users

note

You can download Behavioral report via the Download PDF button.

The report consists of the following:

1.Result—Final assessment of the file.

2.File details—Results from the scanning layer.

3.SHA-1 hash—Contains hash and a link to VirusTotal.

4.SHA-256 hash—Contains SHA-256 hash.

5.Sandbox details—Results from the behavioral layer.

6.Analyzed behaviors—List of detected behaviors and their results. You can use the search bar to navigate through the details after analysis.

7.Static analysis—You can see the Static analysis section to analyze samples within their environments.

example

Behavioral report

behaviors

Use the Search bar or view the logs based on the following:

1.Process—The tree-structured list of actions grouped based on running processes. You can see the files and registry changes grouped by process. The Process tab is divided into these sections:

Process—List of actions taken on processes.

File—Details about the affected files.

Registry—Details about the affected registries.

Network—List of network activities.

Other—Objects such as events, mutex, WMI queries.

 

2.Operations—List of actions based on operation type. The Operations tab is divided into sections:

Process—List of actions taken on processes.

File—Details about the affected files.

Registry—Details about the affected registries.

Network—List of network activities.

Other—Objects such as events, mutex, WMI queries.

Interaction—Detailed sandbox interaction overview.

 

3.API Logs—Overview of the process activity through selected system functions.

process_api

analyzed_behaviors

Static analysis

You can see the Static analysis section to analyze samples within their environments. Here, you have the following tabs:

Details—Two windows will display: A General info window with an overview of the file and a Versions window with the file version details.

File geometry—Lists structural information obtained from ESET subsystems. The files included in a nested file are highlighted.

Imports—Lists visible libraries and their imports, including those unaffected by the file. You can find the dynamically loaded libraries and their imports in the API Logs section. The files included in a nested file are highlighted.

Exports—Lists the export functions valid for .dll files.

Sections—Lists the portable executables containing code and data complying with the program.

Resources—Lists the content from the .rsrc section. The files with the known file type are highlighted.

Methods—Lists the methods and functions utilized by the samples.

MacOS—Lists Objective-C classes specific to macOS samples. The files included in a nested file are highlighted.

static_an

note

The example displays only four tabs, there may be more depending on the file type.