j-gray 37 Posted February 22, 2019 Share Posted February 22, 2019 I have a Windows workstation (latest agent, AV = 7.0.2091.0). It has been scanned three times over two days. Each scan reports the same: 'Critical': 48 infected, 0 cleaned. When I go to the linked client details, it shows only 2 warnings for PUP's in the Threats/Quarantine section. In the ERA console view, the workstation shows with a green check showing status 'OK', but also reflects the two active threats. The 'High severity scans in last 30 days' reflects the three scans each showing 48 infections. I haven't yet found a report or view that details what items are infected. My questions are: Where can I look to see what items are infected and/or why they were not handled? If the system is infected, why is not flagged as such? It shows status 'OK' and only reflects the two PUP warnings. Nothing else in the client view indicates any infections or issues otherwise. Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,272 Posted February 22, 2019 Administrators Share Posted February 22, 2019 Please gather a complete set of logs with ESET Log Collector (select All in the drop-down menu). I'd like to check raw logs from the client first. Link to comment Share on other sites More sharing options...
j-gray 37 Posted February 27, 2019 Author Share Posted February 27, 2019 @Marcos I've attempted to get the logs over several days, but each time I get the following: "Failed to start application | Log collector command timed out and was terminated" Didn't find any details why it's failing. Other tasks appear to be running without issue. Any suggestions how to troubleshoot this? Link to comment Share on other sites More sharing options...
j-gray 37 Posted March 8, 2019 Author Share Posted March 8, 2019 I updated the client to 7.0.2091 and rebooted last night. Today I attempted to run the log collector again. Still get the same timeout error. Any suggestions how to troubleshoot log collector failures? Does the log collector create its own logs somewhere? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,272 Posted March 8, 2019 Administrators Share Posted March 8, 2019 I'd suggest raising a support ticket for customer care. It is weird that ELC has some issues gathering logs, perhaps a Procmon log from the time ELC is running could shed more light. Link to comment Share on other sites More sharing options...
Recommended Posts