Object Details (Legacy)

The Object Details tab displays the same information as the Analysis Chain tab, but presents the information as a table.

Object Details organizes the objects into the following tabs:

  • Objects: Objects involved in the execution of the matched object, grouped by their parent processes. Click ▶ to expand the list.

  • Noteworthy events: Objects in the chain that are possibly malicious, based on existing Trend Micro intelligence

  • File events: Objects in the chain that are files

  • Registry events: Objects in the chain that are registry keys and values

  • IP / Domain / URL events: Objects that are IP address, domain, or URL events

The table provides the following details.

Column Name

Description

Recorded object

Name of the recorded object

Click the object name to view more details.

Process ID

Process ID of the recorded object

Recorded

Date and time when the object became involved in the chain

Activity

Action done by the object

Click the object name to view more details.

Object reputation

Rating assigned to the object based on existing Trend Micro intelligence

You can further examine objects with "Malicious" ratings in Threat Connect or VirusTotal.

Affected endpoints

Number of endpoints where the object appears

Percentage of endpoints affected, based on the total number of endpoints on the network

Click the value to view more details about the endpoint.

Use the following options to manage the table:

  • On the Objects tab, click the filter icon () to filter the table according to the specified criteria.

  • On the File events tab, sort the table by clicking on the Recorded object and Object reputation columns.