Finding threats?

[j-gray 37]

I have a Windows workstation (latest agent, AV = 7.0.2091.0). It has been scanned three times over two days. Each scan reports the same: 'Critical': 48 infected, 0 cleaned.

When I go to the linked client details, it shows only 2 warnings for PUP's in the Threats/Quarantine section. In the ERA console view, the workstation shows with a green check showing status 'OK', but also reflects the two active threats. The 'High severity scans in last 30 days' reflects the three scans each showing 48 infections.

I haven't yet found a report or view that details what items are infected.

My questions are:

1. Where can I look to see what items are infected and/or why they were not handled?
2. If the system is infected, why is not flagged as such? It shows status 'OK' and only reflects the two PUP warnings. Nothing else in the client view indicates any infections or issues otherwise.

Thank you.

[Marcos 5,228]

Please gather a complete set of logs with ESET Log Collector (select All in the drop-down menu). I'd like to check raw logs from the client first.

[j-gray 37]

@Marcos I've attempted to get the logs over several days, but each time I get the following: "Failed to start application |  Log collector command timed out and was terminated"

Didn't find any details why it's failing. Other tasks appear to be running without issue. Any suggestions how to troubleshoot this?

[j-gray 37]

I updated the client to 7.0.2091 and rebooted last night. Today I attempted to run the log collector again. Still get the same timeout error.

Any suggestions how to troubleshoot log collector failures? Does the log collector create its own logs somewhere?

[Marcos 5,228]

I'd suggest raising a support ticket for customer care.  It is weird that ELC has some issues gathering logs, perhaps a Procmon log from the time ELC is running could shed more light.