Futura 1 Posted February 7, 2017
Hello, is there any way to retrieve scan/events/filterwebsite logs from the endpoints using ERA 6.4? If not, it would be a really nice feature to have back. It was available in ERA 5.x and previous.
ESET Staff Oliver 9 Posted February 8, 2017
Hello, you can see all reported files / firewall events, etc. in the Threats section, http://help.eset.com/era_admin/64/en-US/index.html?threats.htm or for a specific client under Computers -> Details -> Threats and Quarantine. http://help.eset.com/era_admin/64/en-US/index.html?computer_details.htm
Futura 1 Author Posted February 8, 2017
Yes, I see that, but it would still be nice to be able to retrieve the last few scan logs using the RA rather than having to remote into the computer. I see that ESET is providing more RMM-type tools as part of the agent, but I'd prefer that you add back the ability to pull scan logs and other Anti-virus tasks first. If you're trying to save server resources I understand... the scan logs don't have to be saved for long... I'd be perfectly satisfied with having to run a Get Logs task and then having the log data purged from the server after 48 hours or so.
kingoftheworld 10 Posted February 8, 2017
37 minutes ago, Futura said:
"Yes, I see that, but it would still be nice to be able to retrieve the last few scan logs using the RA rather than having to remote into the computer. I see that ESET is providing more RMM-type tools as part of the agent, but I'd prefer that you add back the ability to pull scan logs and other Anti-virus tasks first. If you're trying to save server resources I understand... the scan logs don't have to be saved for long... I'd be perfectly satisfied with having to run a Get Logs task and then having the log data purged from the server after 48 hours or so."
Agreed. Another nice feature of previous ERA products that has been removed.
ESET Staff MichalJ 434 Posted February 8, 2017
What particular information from the scan log are you missing? Infected files are reported in threats, and statistical information is available too? Also, what are the desired usage patterns with such information afterwards? Thanks.
Futura 1 Author Posted February 8, 2017
Hi Michal,
The statistical information and threat information is not really enough. If we deploy ESET to some new endpoints and ESET discovers 20 Infected files on the endpoint I need to be able to pull the log and check which files were detected as infected. I just had a Mac yesterday that found 21 infected files in the scan and then cleaned them. But I have no way to see what infected files were found and determine whether it was false positives or actual infections unless I remote into the computer. Nothing shows up in the Threats pane for that device and only one item shows up in the Quarantine pane. Once we have reviewed the scan log we can then determine what steps we need to take (if the computer needs a deeper scan... if we need to exclude certain files or folders from scanning etc).
ESET Staff MichalJ 434 Posted February 8, 2017
Thanks for the info. The behavior you have described looks to me like a bug, as all of the threats (detected by real-time protection or the on-demand scanner) should be reported to the Threats section. Can you please provide more details about the version of the ERA agent, server, and the endpoint product version?
Futura 1 Author Posted February 8, 2017
Hi Michal,
Thanks! It is probably related to the fact that we attempted to update to the 6.5 Beta RA and the RA just won't update (see Beta forum).
The endpoint is running:
ESET Endpoint Antivirus 6.3.85.1
ESET Remote Administrator Agent 6.4.232.0
The server is running the following versions on the ESET Virtual Appliance:
ESET Remote Administrator Agent 6.4.293.0
ESET Remote Administrator Server 6.4.304.0
ESET Rogue Detection Sensor 1.0.1079.0
Regards, Fernand
ESET Staff MichalJ 434 Posted February 9, 2017
It looks like the problem is related to the version of the "Translator support module" on both Endpoints and in ERA. With the older translator module (released back in December), it was not working. I have switched to pre-release update, and the product is successfully reporting the threats detected to ESET Remote Administrator / Threats (both aggregated view, and per-client view). Screenshots attached. What we are planning is to link between the "scan logs" data and threats data, so you will be able to drill down to the particular detected threats. There is no plan to collect the full scan log, as apart from the detected threats (where / what / when), there is no added value in it. Can you please report the version of the "translator support module" located in the "about" section of ERA, and the "about" section of your Mac client?
Futura 1 Author Posted February 13, 2017
Hi Michal,
Here is the info from ERA:
ESET Remote Administrator (Server), Version 6.4.304.0
ESET Remote Administrator (Web Console), Version 6.4.281.0
Update module 1069 (20161122)
Translation support module 1570 (20170112)
Configuration module 1277.15 (20160721)
SysInspector module 1259 (20160406)
The following is the info from one of our Mac clients.
Update module 1069 (20161122)
Antivirus and antispyware scanner module 1510 (20170130)
Virus signature database 14931 (20170213)
Archive support module 1259 (20170104)
Advanced heuristics module 1176 (20170116)
Cleaner module 1130 (20161219)
Translation support module 1574 (20170126)
Internet protection module 1291 (20170116)
Database module 1088 (20170105)
Rapid Response module 9537 (20170213)
Mac setting module 1013 (20151217)
Configuration module 1372B (20160810)
module 42 1366 (20170213)
Regards, Fernand
ESET Staff MichalJ 434 Posted February 14, 2017
Hello, does your ERA server have internet access enabled? We released a newer translator module on February 7. I would recommend updating the ERA server and then trying to replicate the issue again. It should work normally. Is your ERA configured to update directly from the internet?