Process execution details appear in the panel to the right of the Process Tree on the Process Analysis page.
If the process is an executable, the following information is displayed:
| Field |
Description |
|---|---|
| Process |
The name of the process executable file. |
| PID |
The Process Identification (PID) number of the process. |
| OS Type |
The operating system on which the process was executed. |
| Path |
The physical path from which the process was executed. |
| Username |
The name of the user who executed the process. |
| MD5 |
The MD5 hash value of the process. |
| SHA-256 |
The SHA-256 hash value of the process.
Note: Availability of SHA-256 hash data is dependent upon sensor capabilities. The macOS sensor version 6.2.4, which is packaged with
Carbon Black EDR Server version 6.3, sends SHA-256 hashes to the server. Check
VMware Carbon Black Support for information about other sensors that can generate SHA-256 hashes.
For files that were originally discovered by a sensor that did not provide SHA-256 hashes, process information for new executions show SHA-256 hashes, but binary entries show SHA-256 as (unknown) until they appear as new files on a sensor that supports SHA-256. |
| Start Time |
The date and time of the process execution. |
| Interface IP |
The IP address of the network adapter on the sensor. Pre-5.1 sensors do not report an Interface IP. |
| Server Comms IP |
The IP address from which the server recognizes the sensor that is reporting data. If the sensor is communicating through a Proxy or NAT, the address is for the Proxy or NAT. |
