A binary is an object that represents the physical image on disk of a particular version of an executable file. The sequence of bytes in the executable file completely characterizes the binary. To reduce the quantity of information needed, Nexthink does not identify a binary by its complete sequence of bytes, but by a hash number computed from this sequence.
Thus, executable files that share the same name are only represented by the same binary in Nexthink if they share exactly the same sequence of bytes in disk as well. Two executable files with the same name may have a different sequence of bytes because of two reasons:
- If the versions of the executable files are different, the files have a different binary image. Therefore, a binary is created for each version of the executable file.
- Modified executable file
- If one of the executable files has been altered by any means, the binary image is necessarily different even when the versions of the executable files are the same. A modified file is an indication of malware.
Nexthink detects the existence of a binary in your IT infrastructure the first time that the binary is run on one of the monitored devices.