Process

The icon of the process or program that was executed and the name of the executable file that was run; for example, notepad.exe. The file system path from which the process was executed appears.

Endpoint

The endpoint that is associated with the result.

Updated

The timestamp when the process was last updated.

Start Time

The timestamp when the process started.

PID

The Process ID.

Username

The username that is associated with this process.

Regmods

The number of Windows registry modifications that were made by the execution of this process. Regmods are color-coded in blue.

Filemods

Contains a color-coded dot if the execution of the process resulted in file modifications. Filemods are color-coded in yellow.

Modloads

Contains a color-coded dot if the execution of the process resulted in loaded modules. Modloads are color-coded in green.

Netconns

Contains a color-coded dot if the execution of the process resulted in attempted or established network connections. Netconns are color-coded in purple.

Children

Contains a color-coded dot if the execution of the process resulted in generated child processes. Children are color-coded in orange.

Tags

Contains a color-coded dot if the execution of the process resulted in events that were tagged in a Carbon Black EDR investigation. Tags are color-coded in black.

Hits

Contains a color-coded dot if the execution of the process resulted in watchlist or feed hits. Hits are color-coded in red.

>

Opens the Process Analysis page.