Process Tree
Table of Contents
Expand all | Collapse all
-
- New Features October 2020
- New Features September 2020
- New Features: August 2020
- New Features: April 2020
- New Features: November 2019
- New Features: May 2019
- New Features: March 2019
- New Features: February 2019
- New Features: November 2018
- New Features: October 2018
- New Features: September 2018
- New Features: August 2018
- New Features: July 2018
- New Features: June 2018
Process Tree
The process tree allows you to distinguish
the groups of parent and child processes
that occurred when the sample launched in the WildFire® virtual sandbox. For each
sandbox operating system in which the sample was executed, the processes
that took place in the operating system kernel space and user space
are provided.
- Start or continue an AutoFocus™ search to find a sample.
- Click a sample hash to view its WildFire analysis details.By default, the analysis results for a sample are sorted based on WildFire behavior and activity categories.
- Click the new optionTree.
- Expand the kernel space and user space sections to view the processes that occurred when the sample executed in the WildFire analysis environment. Refer to the File Analysis section of sample search results for more information on kernel space and user space.Notice that child processes are indented and grouped under the parent process that spawned them. If a child process launched other child processes or activities, they are listed under the child process and indented accordingly.
- Minimize and expand processes as you view them.Click the minus sign (-) next to a parent process to hide the child processes under it; click the plus sign (+) next to a parent process to display its child processes.
- Next step:SelectSectionsto view sample details based on WildFire analysis categories or Display File Analysis Results in Sequence.