Posted

Hi everyone,

I'm trying to create a weekly report that reports the threats I see under the "threats" section of the web console.

Usually these threats are typed as "Trojans". I'd like to make the template get me information for the last 7 days.

But for some reason, the Quarantine section has no option of that kind, and trying to mix different filters doesn't seem to be allowed.

 

Please assist.

eset quarantine report.png

  • ESET Staff
Posted

You need to use a different set of symbols for that. Instead of "quarantine" you have to use symbol type "antivirus threat".

The data you are searching is available by default in the report template "Report: Threat events in last 7 days" which you can find under "Reports". You can also place it to the dashboard, or edit it, to remove columns you are not interested in.

Posted
2 hours ago, MichalJ said:

You need to use a different set of symbols for that. Instead of "quarantine" you have to use symbol type "antivirus threat".

The data you are searching is available by default in the report template "Report: Threat events in last 7 days" which you can find under "Reports". You can also place it to the dashboard, or edit it, to remove columns you are not interested in.

Hi @MichalJ, Thanks for the quick reply.

I'm afraid that under that report I get an empty page. Nothing appears there.

 

Is something wrong? attaching an example:

ESET report.png

  • ESET Staff
Posted (edited)

What do you see in the "Threats" section of ESET Remote Administrator? Are those threats really happening recently (in the last 7 days)? Also, are they reported by "Antivirus" or by other components?

Edited by MichalJ
Posted
2 minutes ago, MichalJ said:

What do you see in the "Threats" section of ESET Remote Administrator? Are those threats really happening recently (in the last 7 days)? Also, are they reported by "Antivirus" or by other components?

Yes,

Here is a screenshot of the threats window

ESET Remote Administrator - Google Chrome 21_02_2017, Tue 18_44_46.png

  • Administrators
Posted

The threats were detected on Feb 14 which is exactly 7 days ago. Just in case, trigger an alert by downloading the eicar test file from http://www.eicar.org/download/eicar.com to ensure that a fresh threat alert is generated and then create the report again.

Posted

I tested what you said by simply altering the number of days to a few more back.

You're right, that's kinda odd. It seems Quarantine is a different category (which I have used instead),

and it reports extra entries I don't see on the threats list. Could you tell me why that is? (related to the restorable information)

Adding a screenshot of the Quarantine report, which doesn't appear on the previous screenshot.

 

ESET Remote Administrator - Google Chrome 21_02_2017, Tue 19_12_36.png

  • ESET Staff
Posted

We have to understand what your question is. Was the question why the quarantine was not 1:1 to threats? Is this correct? You have not shared details of your threats section.

Posted
2 hours ago, MichalJ said:

We have to understand what your question is. Was the question why the quarantine was not 1:1 to threats? Is this correct? You have not shared details of your threats section.

Hi Michal,

Sorry for not being too clear with my question.

Yes, I don't understand why Quarantine gives different information compared to the "Threats" section.

I've added a screenshot (two posts up) with the "Quarantine" report, while you have the "Threats" report screenshot two posts above that.

If you, or anyone else, can please clarify why one is different from the other, I'd really appreciate it.

  • ESET Staff
Posted

Highlighted quarantine record has "Time of first occurrence" in January, which is not covered by provided list of threats - any chance this threat is available in case date filter is modified accordingly?

Posted

Not sure I follow you, @MartinK.

That case was still reported on the 13th, and on the 15th you also have a case which doesn't appear on the "Threats" info.

Why is it like this? What makes this information different from the other?

  • Administrators
Posted

Unfortunately we don't see a full list of threats that were detected. I can only assume that there were some detected by email protection which doesn't quarantine malicious attachments unlike other protection modules (scanners).

  • ESET Staff
Posted

One related issue was identified and resolved recently (by modules update) -> problem was that threats detected during scan (= not by real-time protection) were not properly logged on client (and thus not reported to ERA).

This can be verified in case you have access to this machine. When you open log files in EES/EAV client, check whether this threat is reported in "Detected threats" or "Computer scan". In case it was affected by mentioned bug, it will be reported in second one.

Posted
On 2/24/2017 at 10:38 AM, MartinK said:

One related issue was identified and resolved recently (by modules update) -> problem was that threats detected during scan (= not by real-time protection) were not properly logged on client (and thus not reported to ERA).

This can be verified in case you have access to this machine. When you open log files in EES/EAV client, check whether this threat is reported in "Detected threats" or "Computer scan". In case it was affected by mentioned bug, it will be reported in second one.

Hi Martin, Thanks for the extra info.

I'll need to have a look to see if that's the case here.

Is there going to be a fix for such an issue? (Assuming this is the case with all those missing updates; you can compare between the two screenshots I've provided in previous posts, they are parallel in terms of taken time.)

 

Thanks.

This topic is now closed to further replies.