The Root Cause Chain screen shows object types using the following icons:
Type | Description |
---|---|
File | Files created by the processes related to the matched object. |
Process | Processes that start other services or create files. Processes usually have an associated user account displayed under the process name. |
IP address and port | IP addresses that the connected process, service, or file attempted to access. |
Domain | Domains that the connected process, service, or file attempted to access. |
User account | The user account with the domain that started the connected process, service, or file. |
Service | Services that create files, or start other processes and services. Services usually have an associated user account displayed under the service name. |
Registry | Registry operations implemented by a process, service, or module, especially for autorun processes. |
Autorun Process | Registry entries that launch processes and services during system startup. |
Module | Modules loaded by a process or service to perform a routine. |
Mutex | Objects used in coordinating mutually exclusive access to a shared resource. |
Semaphore | A software flag with a value that indicates the status of a common resource. |
Inject API | APIs used by the matched object to inject itself or any of its dependencies into a process. |
WinINet API | APIs that are used for network connection and information transfer. |
Downloaded file | Files that are downloaded from a URL. |
Unknown | Unknown modules and files. |
Internet API | APIs that are used to connect to the Internet at the application level, for example, HTTP/FTP. |

Click Legend to view the icon descriptions.