
LiveGrid Not Logging File Submissions



A couple of days ago, I did a full Win 10 1803 installed drive scan with Admin privileges. When the scan ended, I observed a FND6 file present in C:\ProgramData\ESET\ESET Security\Charon directory. This indicates at least 5 other FND files were created and submitted to LiveGrid for analysis since they are numbered in sequence. ESET's Event log had no entries present for file submissions. And yes, LiveGrid's event logging option is enabled.


  • Administrators

How do you know they were actually submitted? If someone else has submitted them, then the submission was rejected and the files in the cache were deleted.


7 hours ago, Marcos said:

How do you know they were actually submitted? If someone else has submitted them, then the submission was rejected and the files in the cache were deleted.

Yes, that is entirely possible. It all depends on how you define "submission." For me, it means when the files are transmitted regardless of acceptance status.

Implied from what you stated is that a status from LiveGrid server would be sent back to the submitter device that the file was accepted. Then the submission would be logged. A "bit of a stretch" on that one I believe as follows. At least one file, FND6, did remain in the cache directory for an extended period of time which would be indicative of acceptance. There was no log entry for this file which was approx. 24K in size.

An enhancement to this feature would be a status indicator in the log entry along the lines of numerical value for example:

1. Submitted but previously analyzed.

2. Submitted and accepted for further analysis.

3. Submitted and analysis completed.

 


  • Administrators

I don't know what the response from LiveGrid servers was, however, regardless of the response the cached file would have been either deleted or submitted. If it was deleted and nothing was logged, it had to be rejected by LiveGrid servers. Next time you can make a backup copy of such a file so that we can investigate it further.

This topic is now closed to further replies.