
ERA 6.4 quarantine report


avielc

Hi everyone,

I'm trying to create a weekly report that reports the threats I see under the "threats" section of the web console.

Usually these threats are typed as "Trojans". I'd like to make the template get me information for the last 7 days.

But for some reason, the Quarantine section has no option of that kind, and trying to mix different filters doesn't seem to be allowed.

Please assist.

eset quarantine report.png


  • ESET Staff

You need to use a different set of symbols for that. Instead of "quarantine" you have to use symbol type "antivirus threat".

The data you are searching is available by default in the report template "Report: Threat events in last 7 days" which you can find under "Reports". You can also place it to the dashboard, or edit it, to remove columns you are not interested in.


2 hours ago, MichalJ said:

You need to use a different set of symbols for that. Instead of "quarantine" you have to use symbol type "antivirus threat".

The data you are searching is available by default in the report template "Report: Threat events in last 7 days" which you can find under "Reports". You can also place it to the dashboard, or edit it, to remove columns you are not interested in.

Hi @MichalJ, Thanks for the quick reply.

I'm afraid that under that report I get an empty page. Nothing appears there.

Is something wrong? Attaching an example:

ESET report.png


  • ESET Staff

What do you see in the "Threats" section of ESET Remote Administrator? Are those threats really happening recently (in the last 7 days)? Also, are they reported by "Antivirus" or by other components?

Edited by MichalJ

2 minutes ago, MichalJ said:

What do you see in the "Threats" section of ESET Remote Administrator? Are those threats really happening recently (in the last 7 days)? Also, are they reported by "Antivirus" or by other components?

Yes,

Here is a screenshot of the threats window

ESET Remote Administrator - Google Chrome 21_02_2017, Tue 18_44_46.png


  • Administrators

The threats were detected on Feb 14 which is exactly 7 days ago. Just in case, trigger an alert by downloading the eicar test file from http://www.eicar.org/download/eicar.com to ensure that a fresh threat alert is generated and then create the report again.

Link to comment
Share on other sites

I tested what you said by simply altering the amount of days to a few more back.

You're right, that's kinda odd. It seems Quarantine is a different category (which I have used instead),

and it reports extra entries I don't see on the threats list. Could you tell me why that is? (related to the restorable information)

Adding a screenshot of the Quarantine report which doesn't appear on the previous screenshot.

ESET Remote Administrator - Google Chrome 21_02_2017, Tue 19_12_36.png


  • ESET Staff

We have to understand what your question is. Was the question why the quarantine was not 1:1 to threats? Is this correct? You have not shared details of your threats section.


2 hours ago, MichalJ said:

We have to understand what your question is. Was the question why the quarantine was not 1:1 to threats? Is this correct? You have not shared details of your threats section.

Hi Michal,

Sorry for not being too clear with my question.

Yes, I don't understand why Quarantine gives different information compared to the "Threats" section.

I've added a screenshot (two posts up) with the "Quarantine" report, while you have the "Threats" report screenshot two posts above that.

If you, or anyone else, can please clarify why one is different than the other, I'd really appreciate it.


  • ESET Staff

Highlighted quarantine record has "Time of first occurrence" in January, which is not covered by provided list of threats - any chance this threat is available in case date filter is modified accordingly?

Link to comment
Share on other sites

Not sure I follow you, @MartinK.

That case was still reported on the 13th, and on the 15th you also have a case which doesn't appear on the "Threats" info.

Why is that like this? What makes this information different than the other?


  • Administrators

Unfortunately we don't see a full list of threats that were detected. I can only assume that there were some detected by email protection which doesn't quarantine malicious attachments unlike other protection modules (scanners).


  • ESET Staff

One related issue was identified and resolved recently (by modules update) -> problem was that threats detected during scan (= not by real-time protection) were not properly logged on client (and thus not reported to ERA).

This can be verified in case you have access to this machine. When you open log files in EES/EAV client, check whether this threat is reported in "Detected threats" or "Computer scan". In case it was affected by mentioned bug, it will be reported in second one.


On 2/24/2017 at 10:38 AM, MartinK said:

One related issue was identified and resolved recently (by modules update) -> problem was that threats detected during scan (= not by real-time protection) were not properly logged on client (and thus not reported to ERA).

This can be verified in case you have access to this machine. When you open log files in EES/EAV client, check whether this threat is reported in "Detected threats" or "Computer scan". In case it was affected by mentioned bug, it will be reported in second one.

Hi Martin, Thanks for the extra info.

I'll need to have a look to see if that's the case here.

Is there going to be a fix for such an issue? (Assuming this is the case with all those missing updates; you can compare between the two screenshots I've provided in previous posts, they are parallel in terms of taken time.)

Thanks.

This topic is now closed to further replies.