ESET Online Help

Search
Select the category
Select the topic

GET List executables

Relative path: /v1/executables

List all the executables.

Query parameters

Name

Type

Description

pageSize

integer

Limit for pagination purposes.

If unspecified or 0, default value is 50. The maximum value is 1000; values above 1000 will be coerced to 1000.

Info: For more information, refer to Paginating Requests in APIs

or https://cloud.google.com/apis/design/design_patterns#list_pagination

pageToken

string

Page token of current page.

If not given or "", the first page is returned.

Info: For more information, refer to Paginating Requests in APIs

or https://cloud.google.com/apis/design/design_patterns#list_pagination



Responses

Display Schema instead of an Example or vice-versa

Code

Description

Example

Schema

200

Successful response.

{
  "executables": [
    {
      "applicationDisplayName": "string",
      "applicationVersionName": "string",
      "description": "string",
      "developerDisplayName": "string",
      "devicesCount": 0,
      "displayName": "string",
      "fileFormat": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
      "fileSize": "string",
      "firstOccurTime": "string",
      "hashMd5": "string",
      "hashSha1": "string",
      "hashSha2256": "string",
      "isBlocked": true,
      "isDynamicallyLinkedLibrary": true,
      "lastExecuteTime": "string",
      "libraryId": "string",
      "liveGridFindings": {
        "ageDays": 0,
        "firstOccurTime": "string",
        "popularity": 0,
        "reputation": 0
      },
      "machoSignature": {
        "codeIdentifier": "string",
        "teamIdentifier": "string"
      },
      "packerName": "string",
      "peVersionInfo": {
        "companyName": "string",
        "fileDescription": "string",
        "fileVersion": "string",
        "internalName": "string",
        "originalFileName": "string",
        "productName": "string",
        "productVersion": "string"
      },
      "sfxTypeName": "string",
      "signatures": [
        {
          "certificateChain": [
            {
              "issuerCommonName": "string",
              "subjectCommonName": "string"
            }
          ],
          "signatureTrustLevel": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
          "signerName": "string"
        }
      ],
      "tags": [
        "string"
      ],
      "versionName": "string",
      "uuid": "string"
    }
  ],
  "nextPageToken": "string"
}
{
  "$ref": "v1ListExecutablesResponse",
  "executables": [
    {
      "$ref": "v1Executable",
      "description": {
        "type": "string",
        "description": "File description of the file, for example, 'Keyboard Driver for AT-Style Keyboards'. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html File description"
      },
      "applicationDisplayName": {
        "type": "string",
        "description": "The name of the application with which the file is distributed. EI migration: Product name"
      },
      "applicationVersionName": {
        "type": "string",
        "description": "Version of the application with which the file is distributed. EI migration: Product version"
      },
      "developerDisplayName": {
        "type": "string",
        "description": "Human readable version of executable developer. For example: Microsoft Corporation or Standard Micro-systems Corporation, Inc. EI migration: Company name"
      },
      "devicesCount": {
        "type": "integer",
        "description": "The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list. EI migration: Seen on",
        "format": "int64"
      },
      "displayName": {
        "type": "string",
        "description": "The name of the executable or DLL. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Name"
      },
      "fileFormat": {
        "$ref": "v1ExecutableFileFormat",
        "type": "string",
        "description": "Format of executable. Subset of more complete list. EXECUTABLE_FILE_FORMAT_UNSPECIFIED: fallback EXECUTABLE_FILE_FORMAT_ELF: Unix-like, OpenVMS, BeOS from R4 onwards, Haiku, SerenityOS EXECUTABLE_FILE_FORMAT_PE: Windows, ReactOS, HX DOS Extender, BeOS (R3 only) EXECUTABLE_FILE_FORMAT_MACHO: NeXTSTEP, macOS, iOS, watchOS, tvOS",
        "default": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
        "enum": [
          "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
          "EXECUTABLE_FILE_FORMAT_ELF",
          "EXECUTABLE_FILE_FORMAT_PE",
          "EXECUTABLE_FILE_FORMAT_MACHO"
        ]
      },
      "fileSize": {
        "type": "string",
        "description": "The size of the file on the disk.",
        "format": "uint64"
      },
      "firstOccurTime": {
        "type": "string",
        "description": "When an executable was first seen on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html First Seen",
        "format": "date-time"
      },
      "hashMd5": {
        "type": "string",
        "description": "MD5 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html MD5"
      },
      "hashSha1": {
        "type": "string",
        "description": "SHA1 hash of the executable. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-1"
      },
      "hashSha2256": {
        "type": "string",
        "description": "SHA2-256 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-256"
      },
      "isBlocked": {
        "type": "boolean",
        "description": "If true, the executable is blocked from being executed (globally)."
      },
      "isDynamicallyLinkedLibrary": {
        "title": "If true, the executable represents dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; shareable image under OpenVMS;[18] dynamic shared object, or DSO, under Unix-like systems)",
        "type": "boolean"
      },
      "lastExecuteTime": {
        "type": "string",
        "description": "When an executable was last executed on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Last Executed",
        "format": "date-time"
      },
      "libraryId": {
        "title": "Internal name for PE DLLs Shared object name in ELF dynamic libraries Library ID in MACHO dynamic libraries",
        "type": "string",
        "description": "Examples: Library ID for a MACHO dylib: „System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/ImageFormats/snorm16_rgba.dylib' And ELF shared object name (for a file called „libhgfs.so.0.0.0“): „libhgfs.so.0'"
      },
      "liveGridFindings": {
        "$ref": "v1LiveGridFindings",
        "description": "Findings of LiveGrid.",
        "ageDays": {
          "type": "integer",
          "description": "Age of the finding in days.",
          "format": "int64"
        },
        "firstOccurTime": {
          "type": "string",
          "description": "When an executable was first seen on any computer connected to LiveGrid®.",
          "format": "date-time"
        },
        "popularity": {
          "type": "number",
          "description": "How many computers reported an executable to LiveGrid®. Normalized to value between 0 and 1. This value is frequently shown in UI as a severity bar.",
          "format": "double"
        },
        "reputation": {
          "type": "number",
          "description": "Is a number from 0 to 1, indicating how safe the file is. Reputation > 0.0 && < 0.3 -> malicious Reputation > 0.3 && < 0.8 -> suspicious Reputation > 0.8 -> safe.",
          "format": "double"
        }
      },
      "machoSignature": {
        "$ref": "v1MachoSignature",
        "description": "Details of Mach-O signature.",
        "codeIdentifier": {
          "type": "string",
          "description": "The 'identifier' field is used to uniquely identify a specific version of the code or a code directory within the code signing process. Examples are: com.microsoft.edgemac.helper.renderer, com.eset.remoteadministrator.agent code identifier can be present also for unsigned files. Info: More details can be found at https://developer.apple.com/documentation/technotes/tn3127-inside-code-signing-requirements#Basics https://opensource.apple.com/source/Security/Security-55471.14/libsecurity_codesigning/lib/codedirectory.h.auto.html"
        },
        "teamIdentifier": {
          "type": "string",
          "description": "The Team ID is a unique 10-character string generated by Apple that’s assigned to your team. Once Apple has issued a Team ID to a team, we won’t issue that same Team ID to any other team. Also, only appropriately authorised members of that team can ship code signed with that Team ID. More on this: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/"
        }
      },
      "packerName": {
        "type": "string",
        "description": "The name of packer if a executable is packed. EI migration: Packer name"
      },
      "peVersionInfo": {
        "$ref": "v1PeVersionInfo",
        "description": "Windows VersionInfo about portable executable.",
        "companyName": {
          "type": "string",
          "description": "Company that produced the file—for example, Microsoft Corporation or Standard Microsystems Corporation, Inc."
        },
        "fileDescription": {
          "type": "string",
          "description": "File description to be presented to users. This string may be displayed in a list box when the user is choosing files to install—for example, Keyboard Driver for AT-Style Keyboards."
        },
        "fileVersion": {
          "type": "string",
          "description": "Version number of the file—for example, 3.10 or 5.00.RC2."
        },
        "internalName": {
          "type": "string",
          "description": "Internal name of the file, if one exists—for example, a module name if the file is a dynamic-link library. If the file has no internal name, this string should be the original filename, without extension."
        },
        "originalFileName": {
          "type": "string",
          "description": "Original name of the file, not including a path. This information enables an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created."
        },
        "productName": {
          "type": "string",
          "description": "Name of the product with which the file is distributed."
        },
        "productVersion": {
          "type": "string",
          "description": "Version of the product with which the file is distributed—for example, 3.10 or 5.00.RC2."
        }
      },
      "sfxTypeName": {
        "type": "string",
        "description": "Self-extracting archive type, if an executable is packed. EI migration: SFX name"
      },
      "signatures": [
        {
          "$ref": "v1CodeSignature",
          "description": "Code signature details.",
          "certificateChain": [
            {
              "$ref": "v1Certificate",
              "description": "Represents cryptographic certificate.",
              "issuerCommonName": {
                "title": "CN part of distinguished Issuer Name (OID 2.5.4.3)",
                "type": "string",
                "description": "Issuer is the entity (Certificate Authority) that issues the certificate. The Issuer's identity is typically specified in the certificate."
              },
              "subjectCommonName": {
                "title": "CN part of distinguished Subject Name (OID 2.5.4.3)",
                "type": "string",
                "description": "Subject is the entity whose public key is bound to the certificate. The Subject's identity is also specified in the certificate."
              }
            }
          ],
          "signatureTrustLevel": {
            "$ref": "v1SignatureTrustLevel",
            "type": "string",
            "description": "Level of signature trust. Items are sorted by their trustworthiness from the least trustworthy case of ad-hoc signature to the signature trusted by ESET. Basically, 0 - 79 means untrusted and 80+ means trusted. SIGNATURE_TRUST_LEVEL_UNSPECIFIED: fallback SIGNATURE_TRUST_LEVEL_AD_HOC: Signature that is created without a certificate from a Certificate Authority (CA) is least trustworthy, because it can't be traced back to a known entity. For example: https://developer.apple.com/documentation/security/seccodesignatureflags/1397793-adhoc - SIGNATURE_TRUST_LEVEL_INVALID: The signature doesn't match the content it's supposed to be signing, or it's been signed with a certificate that's expired or revoked. It's not trustworthy. - SIGNATURE_TRUST_LEVEL_NO_SIGNATURE: There's no signature at all. It's not trustworthy because there's no way to verify the source or integrity of the content. - SIGNATURE_TRUST_LEVEL_SELF_SIGNED: The signature was created with a self-signed certificate. It's somewhat trustworthy, but less so than a signature from a CA because it can't be traced back to a known entity. - SIGNATURE_TRUST_LEVEL_OS_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by the operating system. It's generally trustworthy. - SIGNATURE_TRUST_LEVEL_ESET_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by ESET. It's generally trustworthy.",
            "default": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
            "enum": [
              "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
              "SIGNATURE_TRUST_LEVEL_AD_HOC",
              "SIGNATURE_TRUST_LEVEL_INVALID",
              "SIGNATURE_TRUST_LEVEL_NO_SIGNATURE",
              "SIGNATURE_TRUST_LEVEL_SELF_SIGNED",
              "SIGNATURE_TRUST_LEVEL_OS_TRUSTED",
              "SIGNATURE_TRUST_LEVEL_ESET_TRUSTED"
            ]
          },
          "signerName": {
            "type": "string",
            "description": "Signer name extracted from the signature by heuristics."
          }
        }
      ],
      "tags": [
        {
          "type": "string"
        }
      ],
      "versionName": {
        "type": "string",
        "description": "Version number of the file, for example, '3.10' or '5.00.RC2'. EI migration: File version"
      },
      "uuid": {
        "type": "string",
        "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
      }
    }
  ],
  "nextPageToken": {
    "type": "string",
    "description": "Page token of next page. Empty or '' for the last page. Info: For more information, refer to Paginating Requests in APIs or https://cloud.google.com/apis/design/design_patterns#list_pagination"
  }
}

202

Response took too long; request cached. Response can be retrieved later using the response-id header.

null
[]

400

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.

null
[]

401

Token has expired or is invalid.

null
[]

403

Access denied. Check permissions.

null
[]

404

Requested resource not found.

null
[]

429

Rate limit reached. Try again later.

null
[]

500

Internal server failure. Try again later.

null
[]

502

Internal server failure. Try again later.

null
[]

503

Environment under maintenance. Try again later.

null
[]

504

Action took too long; timeout reached

null
[]