avielc 56 Posted February 21, 2017

Hi everyone,

I'm trying to create a weekly report that reports the threats I see under the "Threats" section of the web console. Usually these threats are typed as "Trojans". I'd like to make the template get me information for the last 7 days. But for some reason, the Quarantine section has no option of that kind, and trying to mix different filters doesn't seem to be allowed. Please assist.

ESET Staff MichalJ 434 Posted February 21, 2017

You need to use a different set of symbols for that. Instead of "quarantine" you have to use symbol type "antivirus threat". The data you are searching for is available by default in the report template "Report: Threat events in last 7 days", which you can find under "Reports". You can also place it on the dashboard, or edit it to remove columns you are not interested in.

avielc 56 Author Posted February 21, 2017

2 hours ago, MichalJ said:
> You need to use a different set of symbols for that. Instead of "quarantine" you have to use symbol type "antivirus threat". The data you are searching for is available by default in the report template "Report: Threat events in last 7 days", which you can find under "Reports". You can also place it on the dashboard, or edit it to remove columns you are not interested in.

Hi @MichalJ,

Thanks for the quick reply. I'm afraid that under that report I get an empty page. Nothing appears there. Is something wrong? Attaching an example:

ESET Staff MichalJ 434 Posted February 21, 2017 (Edited February 21, 2017 by MichalJ)

What do you see in the "Threats" section of ESET Remote Administrator? Are those threats really happening recently (in the last 7 days)? Also, are they reported by "Antivirus" or by other components?

avielc 56 Author Posted February 21, 2017

2 minutes ago, MichalJ said:
> What do you see in the "Threats" section of ESET Remote Administrator? Are those threats really happening recently (in the last 7 days)? Also, are they reported by "Antivirus" or by other components?

Yes, here is a screenshot of the threats window.

Administrators Marcos 5,408 Posted February 21, 2017

The threats were detected on Feb 14, which is exactly 7 days ago. Just in case, trigger an alert by downloading the EICAR test file from http://www.eicar.org/download/eicar.com to ensure that a fresh threat alert is generated, and then create the report again.

avielc 56 Author Posted February 21, 2017

I tested what you said by simply altering the number of days to a few more back. You're right, that's kinda odd. It seems Quarantine is a different category (which I have used instead), and it reports extra entries I don't see on the threats list. Could you tell me why that is? (Related to the restorable information.)

Adding a screenshot of the Quarantine report, which doesn't appear on the previous screenshot.

ESET Staff MichalJ 434 Posted February 23, 2017

We have to understand what your question is. Was the question why the quarantine was not 1:1 to threats? Is this correct? You have not shared details of your threats section.

avielc 56 Author Posted February 23, 2017

2 hours ago, MichalJ said:
> We have to understand what your question is. Was the question why the quarantine was not 1:1 to threats? Is this correct? You have not shared details of your threats section.

Hi Michal,

Sorry for not being too clear with my question. Yes, I don't understand why Quarantine gives different information compared to the "Threats" section. I've added a screenshot (two posts up) with the "Quarantine" report, while you have the "Threats" report screenshot two posts above that. If you or anyone else can please clarify why one is different than the other, I'd really appreciate it.

ESET Staff MartinK 384 Posted February 23, 2017

The highlighted quarantine record has "Time of first occurrence" in January, which is not covered by the provided list of threats. Any chance this threat is available in case the date filter is modified accordingly?

avielc 56 Author Posted February 23, 2017

Not sure I follow you, @MartinK. That case was still reported on the 13th, and on the 15th you also have a case which doesn't appear on the "Threats" info. Why is that like this? What makes this information different than the other?

Administrators Marcos 5,408 Posted February 23, 2017

Unfortunately, we don't see a full list of threats that were detected. I can only assume that there were some detected by email protection, which doesn't quarantine malicious attachments, unlike other protection modules (scanners).

ESET Staff MartinK 384 Posted February 24, 2017

One related issue was identified and resolved recently (by modules update): the problem was that threats detected during scan (= not by real-time protection) were not properly logged on the client (and thus not reported to ERA). This can be verified in case you have access to this machine. When you open log files in the EES/EAV client, check whether this threat is reported in "Detected threats" or "Computer scan". In case it was affected by the mentioned bug, it will be reported in the second one.

avielc 56 Author Posted February 26, 2017

On 2/24/2017 at 10:38 AM, MartinK said:
> One related issue was identified and resolved recently (by modules update): the problem was that threats detected during scan (= not by real-time protection) were not properly logged on the client (and thus not reported to ERA). This can be verified in case you have access to this machine. When you open log files in the EES/EAV client, check whether this threat is reported in "Detected threats" or "Computer scan". In case it was affected by the mentioned bug, it will be reported in the second one.

Hi Martin,

Thanks for the extra info. I'll need to have a look to see if that's the case here. Is there going to be a fix for such an issue? (Assuming this is the case with all those missing updates; you can compare between the two screenshots I've provided in previous posts, they are parallel in terms of taken time.)

Thanks.