The Process panel provides a list of processes running on the host. To access this tab, select a host from the Hosts view and click the Process tab.
Below is an example of the Process tab:
Agent and Scan Details. You can view the following agent and scan details of the selected host:
Host name - Name of the host. For example, WIN-ABC.
Risk score - Risk score of the host.
Operating System - Operating system on which the agent is running (Linux, Windows, or Mac).
Agent Scan Status - Current status of the scan: Idle, Scanning, Starting Scan, or Stopping Scan. For more information, see Scan Hosts.
Agent Last Seen - Time when the agent last communicated with the Endpoint server.
Agent Version - Version of the agent. For example, 188.8.131.52.
More - Provides options to:
Snapshot Time - Lists the time stamps of completed scans. To view the scan history, select a snapshot time from the drop-down menu.
Actions in the toolbar:
Analyze Process - Lets you perform process analysis to investigate the behavior of a particular process and understand the entire process event chain, the process parent-child relationships, and all associated events. For more information, see Investigating a Process.
Change File Status - Lets you manage suspect and legitimate files, and block malicious or infected files to prevent their future execution on any host. For more information, see Changing File Status or Remediate.
Analyze Events - Lets you investigate a particular host, IP address, username, filename, or hash to get the entire context of the activity. For more information, see Analyzing Events.
More - Provides options to:
3. Search on Snapshots - Lets you search on all snapshots (file name, file path, and SHA-256 checksum). For more information, see Search on Snapshots.
4. Toggle - Lets you toggle between List view and Tree view.
5. Process panel - Displays process information, such as process name, local risk score, global risk score, On Hosts, reputation status, file status, and others.
Show/Hide Right Panel - Displays the following properties of a process in the right panel:
7. Filter Files - You can filter processes by selecting options in the Filters panel and creating filters. For more information, see Investigating Hosts.
8. Settings Menu - You can set Hosts view preferences by selecting columns from the Settings menu. For more information, see Set Hosts Preference.
Clicking a process name displays the details of that process, as shown in the following figure:
- List of loaded libraries for the selected process, such as DLLs (for Windows), Dylibs (for Mac), or .SO (for Linux).
- List of autoruns (if configured).
- List of image hooks and suspicious threads (for Windows).