ERA 6.4 Retrieve Scan Log


Hello, is there any way to retrieve scan/events/filterwebsite logs from the endpoints using ERA 6.4?  

If not, it would be a really nice feature to have back.  It was available in ERA 5.x and previous.


  • ESET Staff

Hello, 

you can see all reported files, firewall events, etc. in the Threats section,
http://help.eset.com/era_admin/64/en-US/index.html?threats.htm


or for a specific client under Computers -> Details -> Threats and Quarantine.
http://help.eset.com/era_admin/64/en-US/index.html?computer_details.htm
 


Yes, I see that, but it would still be nice to be able to retrieve the last few scan logs using the RA rather than having to remote into the computer.  I see that ESET is providing more RMM-type tools as part of the agent, but I'd prefer that you add back the ability to pull scan logs and other Anti-virus tasks first.

If you're trying to save server resources I understand... the scan logs don't have to be saved for long... I'd be perfectly satisfied with having to run a Get Logs task and then having the log data purged from the server after 48 hours or so.


37 minutes ago, Futura said:

Yes, I see that, but it would still be nice to be able to retrieve the last few scan logs using the RA rather than having to remote into the computer.  I see that ESET is providing more RMM-type tools as part of the agent, but I'd prefer that you add back the ability to pull scan logs and other Anti-virus tasks first.

If you're trying to save server resources I understand... the scan logs don't have to be saved for long... I'd be perfectly satisfied with having to run a Get Logs task and then having the log data purged from the server after 48 hours or so.

Agreed.  Another nice feature of previous ERA products that has been removed.


  • ESET Staff

What particular information from the scan log are you missing? Infected files are reported in threats, and statistical information is available too?

Also, what are the desired usage patterns with such information afterwards?

Thanks.


Hi Michal,

The statistical information and threat information is not really enough.  If we deploy ESET to some new endpoints and ESET discovers 20 Infected files on the endpoint I need to be able to pull the log and check which files were detected as infected.  

I just had a Mac yesterday that found 21 infected files in the scan and then cleaned them.  But I have no way to see what infected files were found and determine whether it was false positives or actual infections unless I remote into the computer.  Nothing shows up in the Threats pane for that device and only one item shows up in the Quarantine pane.

Once we have reviewed the scan log we can then determine what steps we need to take (if the computer needs a deeper scan... if we need to exclude certain files or folders from scanning etc).


  • ESET Staff

Thanks for the info. The behavior you have described looks to me like a bug, as all of the threats (detected by real-time protection or the on-demand scanner) should be reported to the Threats section.

 

Can you please provide more details about the version of the ERA agent, server, and the endpoint product?


Hi Michal, 

Thanks! It is probably related to the fact that we attempted to update to the 6.5 Beta RA and the RA just won't update (see Beta forum).  

The endpoint is running: 
ESET Endpoint Antivirus 6.3.85.1
ESET Remote Administrator Agent 6.4.232.0

The server is running the following versions on the ESET Virtual Appliance:
ESET Remote Administrator Agent 6.4.293.0
ESET Remote Administrator Server 6.4.304.0
ESET Rogue Detection Sensor 1.0.1079.0

Regards, Fernand


  • ESET Staff

It looks like the problem is related to the version of the "Translator support module" on both Endpoints and in ERA.

With the older translator module (released back in December), it was not working. I have switched to the pre-release update, and the product is successfully reporting the detected threats to ESET Remote Administrator / Threats (both aggregated view and per-client view).

Screenshots attached. What we are planning is to link between the "scan logs" data and threats data, so you will be able to drill down to the particular detected threats. There is no plan to collect the full scan log, as apart from the detected threats (where / what / when), there is no added value in it.

Can you please report the version of the "translator support module" located in the "about" section of ERA, and the "about" section of your Mac client?

 

scan logs.jpg

threats.jpg


Hi Michal, 

Here is the info from ERA:

 

  • ESET Remote Administrator (Server), Version 6.4.304.0
  • ESET Remote Administrator (Web Console), Version 6.4.281.0
  • Update module    1069 (20161122)
  • Translation support module    1570 (20170112)
  • Configuration module    1277.15 (20160721)
  • SysInspector module    1259 (20160406)

The following is the info from one of our Mac clients.

  • Update module  1069 (20161122)
  • Antivirus and antispyware scanner module  1510 (20170130)
  • Virus signature database  14931 (20170213)
  • Archive support module  1259 (20170104)
  • Advanced heuristics module  1176 (20170116)
  • Cleaner module  1130 (20161219)
  • Translation support module  1574 (20170126)
  • Internet protection module  1291 (20170116)
  • Database module  1088 (20170105)
  • Rapid Response module  9537 (20170213)
  • Mac setting module  1013 (20151217)
  • Configuration module  1372B (20160810)
  • module 42  1366 (20170213)

Regards, Fernand


  • ESET Staff

Hello, does your ERA server have internet access enabled? We released a newer translator module on February 7. I would recommend updating the ERA server and then trying to replicate the issue again. It should work normally.

Is your ERA configured to update directly from the internet? 
