Command Line Length: length of the command line command (count of characters).

Cleaned: if the file was cleaned, when the hash was added or by clicking the Clean & Quarantine button at the bottom of the window.

Ο User can define a custom category when creating custom rules.

Ο Created from filter: this rule was created in Executable tab by using preset called Save filters as rule

Ο Suspicious system configuration/Removing evidence: rules that monitor system configuration/settings (for example deleting logs, turning off logging, setting a lower level of security in the system, and other suspicious settings)

Ο Remote desktop/Remote access: rules that monitor Remote Desktop settings (for example change of default port)

Ο Office: rules that monitor Microsoft Office related things (for example Word started the new process)

Ο Web browser related: rules that monitor web browser related things (for example Nova extensions)

Ο Filecoders: rules that monitor behavior typical for different file coders (ransomware)

Ο Communication: rules that monitor suspicious network communication (for example new connections, connections to the known bad servers, etc.)

Ο Suspicious process creation & process manipulation: rules that monitor manipulation with processes (for example termination of processes through the command line, the process started from recycle bin, etc.)

Ο File system: rules that monitor suspicious file operations (for example writing in ADS, creating autorun.inf, etc.)

Ο Registry - altering security features: rules that monitor security settings in the registry (for example exclusions in the firewall, etc.)

Ο Persistence: rules that monitor different kinds of persistence in the system (for example autorun registry, new files in %startup% folder, etc.)
Blocked Url: shows the URL of the blocked detection if applicable.

Blocked: shows whether the executable's hash was blocked or not.

Avg Stored Events/24h: shows the average number of stored events during 24 hours. This number depends on the Server settings and Data Retention and Data collection setting.

Avg Received Events/24h: shows the average number of received events during 24 hours.

Author: who's the author (name of the currently logged User at the time of creation or editing).

Assignee: the name of the assignee of the report.

Alerts: shows the number of ESET PROTECT related alerts (outdated endpoint, etc.).

Agent Version: version of EEI Agent deployed on that particular computer.

Action: not all actions are shown on all Sections: