The process tree allows you to distinguish
the groups of parent and child processes
that occurred when the sample launched in the WildFire® virtual sandbox. For each
sandbox operating system in which the sample was executed, the processes
that took place in the operating system kernel space and user space
Click a sample hash to view its WildFire analysis details.
By default, the analysis results for a sample are sorted
based on WildFire behavior and activity categories.
Click the new option
Expand the kernel space and user space sections to view
the processes that occurred when the sample executed in the WildFire
analysis environment. Refer to the File Analysis section of sample search results for
more information on kernel space and user space.
Notice that child processes are indented and grouped under
the parent process that spawned them. If a child process launched
other child processes or activities, they are listed under the child
process and indented accordingly.
Minimize and expand processes as you view them.
Click the minus sign next to a parent process
to hide the child processes under it; click
the plus sign next to a parent process
to display its child processes.