The Process Behavior details page provides information about the file-executed system changes that occurred on an endpoint in sequential order. Symantec Endpoint Detection and Response also provides the attributes that are associated with each system change. A Process Behavior details page is only available when a process occurs on an endpoint and one or more events in the process are malicious.
See About analyzing the process behaviors that occurred on endpoints.
To view detailed information about a process behavior
To the right of the graphic is the following information:
Process Behavior
A process is represented by a group of system changes. Each process has a separate date/time range. Symantec EDR shows the processes that were executed on the endpoint in sequential order. To view the attributes that are associated with the system change (the dynamic file attributes), click the down arrow to the right of the row. The dynamic file attribute data that appears is unique to that process. Different processes contain different attributes, depending on the information that is available to Symantec EDR. To collapse the details, click the up arrow at the far right of the row.
Symantec EDR lets you filter processes so that you can narrow the list. Click to reveal the filters. Select the process that you want to filter by. (Results immediately begin to appear.) Click to hide the filters view. Symantec EDR maintains your filter selections until you reset the filter criteria or refresh the page.
The Process Behavior table contains the following information:
See Process behavior example