Processes

The Processes tab contains data about the processes that were active on the scanned computer at the moment the report was generated.

The data is presented in the form of a table. For each process, the following information is available in the table:

PID: a process ID.

Command line: process start arguments.

File: the executable file of the process.

Company: the publisher of the executable file.

Signed: whether the file is signed.

Reputation: a suggested service status according to the internal Metawave service database, which contains information on previous detections.

Each row of the Processes table is a drop-down block that contains a table displaying the files used by the process. The table has the following columns:

File

Company

Signed

Reputation

You can reorder rows by the contents of a column. To do this, click the toggle in the column header.

You can also search across the Processes table and all its nested tables. To do this, enter your query into the Search field above the Processes table and press Enter.

FixIt! allows you to use wildcard characters ‘*’ and ‘?’ in searches. The asterisk ‘*’ stands for any number of characters, including zero, and the question mark ‘?’ stands for any single character.

The files* search query will return files with such names as files, files111, files systems, files_more_worlds, etc.

The files? query will return files with such names as files1, filess, files_, but not files.
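The wildcard rules above, applied to a process table with nested file tables, as an added example that is not FixIt! code. The field names, the sample rows, the choice of searched columns, and whole-value case-insensitive matching are assumptions made for illustration.

```python
import re

def wildcard_to_regex(query):
    """Translate a query containing '*' and '?' into a compiled regex."""
    parts = []
    for ch in query:
        if ch == "*":
            parts.append(".*")           # any number of characters, including zero
        elif ch == "?":
            parts.append(".")            # exactly one character
        else:
            parts.append(re.escape(ch))  # every other character is literal
    # Assumption: matching ignores case; callers match the whole value.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matches(query, value):
    """True if the whole value matches the wildcard query."""
    return wildcard_to_regex(query).fullmatch(value) is not None

def search_processes(processes, query):
    """Return PIDs of rows where the process or any nested file matches."""
    rx = wildcard_to_regex(query)
    hits = []
    for proc in processes:
        # Assumption: File and Command line of the process row are searched,
        # plus the File column of the nested table.
        values = [proc["file"], proc["command_line"]]
        values += [f["file"] for f in proc["files"]]
        if any(rx.fullmatch(v) for v in values):
            hits.append(proc["pid"])
    return hits

# Constructed sample rows (hypothetical structure, not a FixIt! report format)
PROCESSES = [
    {"pid": 101, "file": "files", "command_line": "files --scan",
     "files": [{"file": "files_more_worlds"}]},
    {"pid": 202, "file": "viewer.exe", "command_line": "viewer.exe",
     "files": [{"file": "files1"}]},
    {"pid": 303, "file": "notes.exe", "command_line": "notes.exe",
     "files": [{"file": "profiles"}]},
]

if __name__ == "__main__":
    for q in ("files*", "files?", "*files"):
        print(q, "->", search_processes(PROCESSES, q))
```
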

If you want to view the details of a process or file, click its name in the table. On the right side of the screen, the Details pop-up window appears, showing information about the object parameters:

Tab: Process
Available parameters:
    Status
    Properties: PID, Session, Address, Path, Command line, Current directory, Bitness, PEB address, Debugged, Isolation level, Date created
    Resources: Kernel time, User time, Priority, Handles
    Parent: PID, Session, Path, Command line, Bitness, Isolation level, Date created

Tab: File
Available parameters:
    Path
    Status: Certificate, File, Type, Cloud, Software type
    Hash: SHA1, SHA256, a link to VirusTotal
    Properties: Size, Date created, Last modified, Last accessed, Build date
    Attributes: Value, Archive, Security
    Version: Description, Version, Company, Origin name

Tab: Certificates
Available parameters:
    Status
    Date and time
    Certificates: Subject, Issuer, Valid from, Valid to, SHA1 fingerprint, SHA256 fingerprint, Serial number, Name

Tab: Data (for files only)
Available parameters:
    Memory address
    Path
    Size
    Status
    Build date