How to evaluate the system using Eset Sysinspector

[ulzie 0]

How to use the Eset Sysinspector to evaluate my system?.. Any tutorial? or help?

 

[Arakasi 549]

Hi ulzie

There are a couple KBs on submitting a log to ESET for research.

Most of their logs contain standard and common pc and windows information relating to drivers services and files etc.

The interface is quite easy to pick up once its open and the image is complete with a top toolbar and a slider to set strength of what your looking at.

It might be an informative KB if the team were to write a quick one with maybe a gui picture with a key.

I like the sysinspector.

Edited October 30, 2013 by Arakasi

[ulzie 0]

what is the filtering all about?.. what is the meaning of risky? is that software listed on risky is a risk to the system?..

[Arakasi 549]

Risky could mean malicious or it may be of a risk to your system, someof which eset might not know but its the behavior.

[ulzie 0]

hmm, i get it it's really simple thanks for this Arakasi,, so we can identify a virus using this sysinspector right?

[Arakasi 549]

Yes ulzie

Especially if its hooked to a normal processes like explorer or taskman. Executables are easy to find.

You can find active x and all types of malware not just virus.

Im glad i could have been a little help.

[ulzie 0]

thank you so much 

Arakasi

[Arakasi 549]

Your welcome.

When i get to the office ill try to remember to post more info.

No access at the moment.

Good day

Edited October 30, 2013 by Arakasi

[Arakasi 549]

Here are a few pictures from one of my machines using Sysinspector.

The first picture of course is the loading form, just to make sure you know your looking at the right ESET Tool.

Second is the main graphical user interface of the app once loaded. The filter as discussed in thread can be seen across the top.

In third i moved the slider to threat level 8 of 9 to ascertain why there are red notifications on the system. As seen in the pic the reds are from Cylance which is a legitimate program created by old Mcafee project managers and devs. I inserted hash codes including md5 below.

4th picture is where i have moved the filter to risk level 5 of 9 to look at the medium threat level services running.

This is ultimately a breakdown of a quick evaluation on a system and how you can isolate threats faster and eliminating the normal windows processes etc from the equation if your not all sure of the legitimacy, ESET may have already done that for you.

 

Additional: Menus are trees in the top right corner; Detail is the level of informative information that it is given back to you about your system. Full Recommended.

 

CylanceSvc.exe

MD5: 7ac02ce56c0db3d9356a2a53302b55e6
SHA1: ccff110a4d4c19354e7e50b85a0d96f8ffaab530
SHA256: 8fb025816f6a9bf8e4c0ddb1199cc33c890db724cb7b2c6aff1a93bbe95a6031

 

CylanceUI.exe

MD5: 8d69edcedbc0a2a39f72a09fda25aabd
SHA1: 3f18fe03d80d5d01d113e88d266fbd17afda5bba
SHA256: b20d6a9a73ac7c71764dd2dafaa5762fd227b64df2e76c366a16414e3f949486

 

 

 

 

Thanks for reading

 

Edited October 31, 2013 by Arakasi