Process Tree

The process tree allows you to distinguish the groups of parent and child processes that occurred when the sample launched in the WildFire® virtual sandbox. For each sandbox operating system in which the sample was executed, the processes that took place in the operating system kernel space and user space are provided.
  1. Start or continue an AutoFocus™ search to find a sample.
  2. Click a sample hash to view its WildFire analysis details.
    By default, the analysis results for a sample are sorted based on WildFire behavior and activity categories.
  3. Click the new option Tree.
  4. Expand the kernel space and user space sections to view the processes that occurred when the sample executed in the WildFire analysis environment. Refer to the File Analysis section of sample search results for more information on kernel space and user space.
    Notice that child processes are indented and grouped under the parent process that spawned them. If a child process launched other child processes or activities, they are listed under the child process and indented accordingly.
  5. Minimize and expand processes as you view them.
    Click the minus sign (-) next to a parent process to hide the child processes under it; click the plus sign (+) next to a parent process to display its child processes.
  6. Next step:
    Select Sections to view sample details based on WildFire analysis categories or Display File Analysis Results in Sequence.
