I'm the network admin for a small business, less than 100 staff but spread over 5 offices and 3 time zones, with a 60/40 ratio of laptops to desktop machines.
As you noted, with ESET 5 Remote Admin the PCs provide all client logs to the server. This means I can check things like user-initiated CD/DVD/USB drive scan logs, and I can see detailed scan results even when the laptop is not currently connected. As to what I get from it, ESET flags things like password-encrypted files like ZIPs, RARs, 7ZIPs as scan failures in the scan log. They are not viruses or threats, they are just failures, but as we know password-protected files can also be attack vectors for a variety of malware. If I see password-protected files in USB scan logs I can contact the staff person and investigate further if needed. Also, if a machine reports a virus, I need to know not just what it was and that it's been cleaned or deleted; the more important question is how it got there. The client security logs are a valuable source of information for these processes.
With ESMC 7 I've looked into the "Scans in last 30 days" report, but as far as I can tell it only reports on scheduled scan tasks that are driven by the ESMC server. I can't see a way for it to report on local/user-initiated scans or scan jobs configured inside profiles. For example, if a user plugs in a USB drive they are given the option to run a scan. If there's a way of modifying or creating a custom report template to include these locally initiated scans, I'd be very interested.
I understand that, as you say, for scaling you limit the log information provided to the server, and if looking at 1000s of clients it makes sense to limit what is stored on the server, but is there any way in ESMC 7 to turn on full log reporting for a group or even just an individual client?
Thanks and regards