Comodo Help
Find the desired product help
Xcitium Enterprise

Xcitium Enterprise

Xcitium Enterprise Administrator Guide

English

Print Help Download Help
Security Systems > Investigate Events > Process Timeline
  • Introduction To Xcitium Enterprise - Endpoint Protection Platform
    • Key Concepts
    • Best Practices
    • Login Into The Admin Console
    • Upgrade To Full Version
  • The Admin Console
  • The Dashboards
  • CNAPP Dashboard
  • ROI Dashboard
  • Devices And Device Groups
    • Manage Device Groups
      • Create Device Groups
      • Edit A Device Group
      • Assign Configuration Profiles To A Device Group
      • Remove A Device Group
      • Run Procedures On Device Groups
    • Manage Devices
      • Add New Devices
      • Manage Windows Devices
        • View And Edit Device Name
        • View Summary Information
        • View Network Information
        • View And Manage Profiles Associated With A Device
        • View Maintenance Windows Associated With A Device
        • View And Manage Applications Installed On A Device
        • View The Files On A Device
        • View Exported Configurations And Import Profiles
        • View MSI Files Installed On A Device Through Xcitium
        • View And Manage Patches For Windows And 3rd Party Applications
        • View Antivirus Scan History
        • View And Manage Device Group Memberships
        • View Device Logs
      • Manage Mac OS Devices
        • View And Edit Mac OS Device Name
        • Summary Information Of Mac Device
        • View Installed Applications
        • View Quarantined Files On Mac OS Device
        • View And Manage Profiles Associated With A Device
        • View Packages Installed On A Device Through Xcitium
        • View And Manage Device Group Memberships
        • View Mac Device Logs
      • Manage Linux Devices
        • View And Edit Linux Device Name
        • Summary Information Of Linux Device
        • View Network Information Of A Linux Device
        • View And Manage Profiles Associated With A Linux Device
        • View Linux Packages Installed On A Device Through Dragon
        • View And Manage Device Group Memberships
      • Manage Android Devices
        • View And Edit Device Name
        • View Summary Information
        • Manage Installed Applications
        • View And Manage Profiles Associated With A Device
        • View Sneak Peek Pictures To Locate Lost Devices
        • View The Location Of The Device
        • View And Manage Device Group Memberships
      • Manage IOS Devices
        • View And Edit Device Name Of An IOS Device
        • View Summary Information Of An IOS Device
        • View Applications Installed On An IOS Device
        • View And Manage Profiles Associated With An IOS Device
        • View The Location Of An IOS Device
        • View And Manage Group Memberships Of An IOS Device
      • View User Information
      • Remote Management Of Windows And Mac OS Devices
        • Transfer Items To / From The Remote Computer
      • Remotely Manage Folders And Files On Windows Devices
      • Manage Processes On Remote Windows Devices
      • Manage Services On Remote Windows Devices
      • Use The Command Prompt On Remote Windows Devices
      • View Event Logs On Remote Windows Devices
      • Apply Procedures To Windows And Mac Devices
      • Remotely Install And Manage Packages On Windows Devices
      • Remotely Install Packages On Mac OS Devices
      • Remotely Install Packages On Linux Devices
      • Send Enrollment Link To IOS Devices
      • Generate An Alarm On Android Devices
      • Remotely Lock Mobile And Mac OS Devices
      • Wipe Selected Mobile And Mac Devices
      • Assign Configuration Profiles To Selected Devices
      • Set / Reset Screen Lock Password For Mobile Devices
      • Update Device Information
      • Send Text Messages To Mobile Devices
      • Restart Selected Windows Devices
      • Change A Device's Owner
      • Change The Ownership Status Of A Device
      • Add Custom Notes And Tags On Devices
      • Remove A Device
      • Generate Device List Report
      • Manage Isolate And Release From Isolation
    • Bulk Enrollment Of Devices
      • Enroll Windows, Mac OS And Linux Devices By Installing The Communication Client
        • Enroll Windows Devices Via AD Group Policy
        • Enroll Windows, Mac OS And Linux Devices By Offline Installation Of Agent
        • Enroll Windows Devices Using Auto Discovery And Deployment Tool
      • Enroll Android And IOS Devices Of AD Users
    • Download And Install The Remote Control Tool
  • Cloud Workloads
  • Cloud Assets
  • Cloud Security
    • View Vulnerabilities Findings
    • Registry Scan
    • CSPM Executive Dashboard
    • Compliance Summary
    • CWPP Dashboard
    • App Behavior
    • Manage Policies
    • Remediation
    • View Alerts
    • Manage Triggers
    • View Reports
  • Users And User Groups
    • Manage Users
      • Create New User Accounts
        • Manually Add Users
        • Import Users From A CSV File
      • Enroll User Devices For Management
        • Enroll Android Devices
        • Enroll IOS Devices
        • Enroll Windows Endpoints
        • Enroll Mac OS Endpoints
        • Enroll Linux OS Endpoints
      • View User Details
        • Update The Details Of A User
      • Assign Configuration Profiles To User Devices
      • Remove A User
      • Generate New Password For A User
      • Reset Two Factor Authentication Token For A User
      • Run Procedures On User Devices
    • Manage User Groups
      • Create A New User Group
      • Edit A User Group
      • Assign Configuration Profiles To A User Group
      • Remove A User Group
      • Run Procedures On User Group Devices
    • Configure Role Based Access Control For Users
      • Create A New Role
      • Manage Permissions And Users Assigned To A Role
      • Remove A Role
      • Manage Roles Assigned To A User
  • Configuration Templates
    • Create Configuration Profiles
      • Profiles For Android Devices
      • Profiles For IOS Devices
      • Profiles For Windows Devices
        • Create Windows Profiles
          • Associated Devices Settings
          • Antivirus Settings
          • Communication Client And Xcitium Client - Security Application Update Settings
          • File Rating Settings
          • Firewall Settings
          • HIPS Settings
          • Containment Settings
          • Maintenance Window Settings
          • VirusScope Settings
          • Xcitium Verdict Cloud
          • Global Proxy Settings
          • Client Proxy Settings
          • Agent Discovery Settings
          • Communication Client And Xcitium Client - Security Application UI Settings
          • Logging Settings
          • Client Access Control
          • External Devices Control Settings
          • Monitors
          • Procedure Settings
          • Remote Control Settings
          • Remote Tools Settings
          • Miscellaneous Settings
          • Script Analysis Settings
          • Data Loss Prevention Settings
          • Patch Management Settings
          • Performance Settings
          • Thumbnails Settings
          • Chat Settings
          • Applications Settings
        • Import Windows Profiles
      • Profiles For Mac OS Devices
        • Create A Mac OS Profile
          • Antivirus Settings For Mac OS Profile
          • Certificate Settings For Mac OS Profile
          • Restrictions Settings For Mac OS Profile
          • VPN Settings For Mac OS Profile
          • Wi-Fi Settings For Mac OS Profile
          • Remote Control Settings For Mac OS Profile
          • External Device Control Settings For Mac OS Profile
          • Valkyrie Settings For MacOS Profile
          • Procedure Settings For Mac Profiles
          • Monitor Settings For Mac OS Profile
      • Profiles For Linux Devices
        • Create A Linux Profile
          • Antivirus Settings For Linux Profile
          • Communication Client And XcitiumClient - Security Application Update Settings For Linux Profile
          • User Interface Settings For Linux Profile
          • Logging Settings For Linux Profile
          • Clients Access Control Settings For Linux Profile
          • Valkyrie Settings For Linux Profile
    • View And Manage Profiles
      • Export And Import Configuration Profiles
      • Clone A Profile
    • Edit Configuration Profiles
    • Manage Default Profiles
    • Manage Alerts
      • Create A New Alert
      • Edit / Delete An Alert
    • Manage Procedures
      • View And Manage Procedures
      • Create A Custom Procedure
      • Combine Procedures To Build Broader Procedures
      • Review / Approve / Decline New Procedures
      • Add A Procedure To A Profile / Procedure Schedules
      • Import / Export / Clone Procedures
      • Change Alert Settings
      • Apply Procedures To Devices
      • Edit / Delete Procedures
      • View Procedure Results
    • Manage Monitors
      • Create Monitors And Add Them To Profiles
        • Monitors For Windows Devices
        • Monitors For Mac OS Devices
      • View And Edit Monitors
    • Data Loss Prevention Rules
      • Create DLP Discovery Rules And Add Them To Profiles
      • View And Edit DLP Discovery Rules
      • Create DLP Monitoring Rules And Add Them To Profiles
      • View And Edit DLP Monitoring Rules
  • Security Systems
    • View Alerts And Security Events
      • View Alerts And Security Events By Time
      • View Alerts And Security Events By Files
      • View Alerts And Security Events By Device
      • Alert Policy
      • Suppression Rule
    • Investigate Events
      • Search Events By Query
      • Search Events By File
      • Search Events By Device
      • View Android Threat History
      • Process Timeline
    • Endpoint Security Status
      • Run Antivirus And/or File Rating Scans On Devices
      • Handle Malware On Scanned Devices
      • Update Virus Signature Database On Windows, Mac OS And Linux Devices
    • View And Manage Blocked Threats
    • View And Manage Quarantined Items
    • View Contained Threats
    • View And Manage Autorun Items
    • Manage File Trust Ratings On Windows Devices
      • File Ratings Explained
    • View List Of File Verdicts
    • View History Of External Device Connection Attempts
    • Data Loss Prevention Scans
      • DLP Logs
      • DLP Quarantined Files
  • Network Management
    • Create And Run Network Discovery Tasks
    • Manage Profiles For Network SNMP Devices
    • Manage Network Devices
      • Manage SNMP Devices
        • SNMP Device Details Interface
      • Discovered Devices
    • Manage Network Monitors
  • Software Inventory
    • View Applications Installed On Android And IOS Devices
      • Blacklist And Whitelist Applications
    • Patch Management
      • Manage OS Patches On Windows Endpoints
      • Install 3rd Party Application Patches On Windows Endpoints
        • Xcitium Supported 3rd Party Applications
    • View And Manage Applications Installed On Windows Devices
      • Uninstall A Windows Application From Selected Devices
      • Uninstall A Windows Application From All Devices
    • Vulnerability Management
  • Management Settings
    • Account Management
    • License Management
      • Manage Your Licenses
      • License Allocations
      • Bill Forecast
  • Configure Xcitium Enterprise
    • Email Notifications, Templates And Custom Variables
      • Configure Email Templates
      • Configure Email Notifications
      • Create And Manage Custom Variables
      • Create And Manage Registry Groups
      • Create And Manage COM Groups
      • Create And Manage File Groups
      • Create And Manage Tags
    • Xcitium Enterprise Portal Configuration
      • Import User Groups From LDAP
      • Configure Portal Settings
      • Configure Communication And Security Client Settings
        • Configure The Xcitium Android Client
          • Configure Android Client General Settings
          • Configure Android Client Antivirus Settings
          • Add Google Cloud Messaging (GCM) Token
        • Add Apple Push Notification Certificate
        • Configure Windows Clients
          • Configure Communication Client Settings
          • Configure Client Security Settings
      • Manage Xcitium Enterprise Extensions
      • Configure Xcitium Enterprise Reports
      • Device Removal Settings
      • Account Security Settings
      • Set-up Administrator's Time Zone And Language
      • Configure Audit Log Settings
    • Dashboard Settings
    • Cloud Security Settings
      • Manage Cloud Accounts
        • Amazon Web Server (AWS) Account Onboarding
        • Google Cloud Platform (GCP) Account Onboarding
        • Microsoft Azure Account Onboarding
      • Manage Cluster
      • Configure Integrations
        • CWPP
        • CSPM
        • Registry
        • S3 Data Source
      • Create And Manage Labels
      • Create And Manage Tags
      • Create And Manage Groups
      • Configure Ticket Template
    • Data Protection Templates
      • View And Manage Pattern Variables
      • View And Manage Keyword Groups
    • View Version And Support Information
    • Alert Notification Settings
  • Appendix 1a - Xcitium Services - IP Nos, Host Names And Port Details - EU Customers
  • Appendix 1b - Xcitium Services - IP Nos, Host Names And Port Details - US Customers
  • Appendix 2 - Pre-configured Profiles
  • Appendix 3 - Default Xcitium Security Policy Details
  • About Xcitium

Process Timeline


The timeline view of an event shows the hierarchy of processes spawned by the event.


You can view a process on the timeline view from different interfaces. Examples include:

  • 'Alerts' > Alert Search' > expand an event or alert > click the value of process hash or child process hash > 'Show in Process Timeline'

  • 'Investigate' > Event Search > click the value of process hash or child process hash in the details pane of an event > 'Show in Process Timeline'

The process time line chart of the device opens with the specific process pre-selected. The time line includes the events from 30 minutes before the selected event to 30 minutes after the selected event.

There are two ways you can view the processes spawned:

  • Timeline view

  • Tree view

Timeline view


The time line shows the chronological order of events generated by executed process tree..

  • By default, the time line includes the events from 30 minutes before the selected event to 30 minutes after the selected event.

  • The events are color coded for easy identification in the chart. The legend of color codes is given at the bottom of the chart


  • Drag your mouse inside the chart to scroll left or right.

  • Use the scroll wheel in your mouse zoom-in or zoom-out.

  • Click on an event to view its details. The details are shown in the bottom pane. An example is shown above.

  • Click on a process to view its details.


  • Click on the hash value of the process to view the events generated by the parent file of the process in all devices in 'Investigate' > 'Hash Search' interface.

Tree view

  • Click the 'Tree view' tab on the top left to view the process hierarchy.





You can view the processes and event types with respective colors.

  • Use mouse to zoom in and zoom out. Click 'Reset Zoom' to default view

  • The number beside a process name indicates the number of events generated by the process.

  • Click a process name to open the 'Event Search' screen with the event search box populated with the selected process parameters.

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.