Log files - Detections not functioning in EIS 12.1.31.0


This week EIS 12.1.31.0 discovered two trojans while scanning. Although I interrupted the scan and didn't give EIS a chance to get rid of the trojans, I was surprised that Log files - Detections didn't show any detections at all. I assumed that it was caused by the interruption. Therefore I let EIS scan the folder containing the trojans again and when they were found again, I let EIS remove them. However, even after that, Log files - Detections didn't show any detections. On the other hand, Log files - Computer scans clearly showed that there were detections. It seems to me that Log files - Detections is no longer functioning in EIS 12.1.31.0.


  • Administrators
Quote

This week EIS 12.1.31.0 discovered two trojans while scanning

What scanner detected the malware? If it was the on-demand or idle-state scanner, you must check the Computer scan logs for results. If it was other scanners (real-time, email, AMS, etc.), then the Detection log should be checked for details.


@Marcos Are you saying that detections from a scheduled scan will never appear in the Detections log? ESET Online Help says: "This log offers detailed information about detections and infiltrations detected by ESET Internet Security." No sign of distinction between scanners. Therefore I expect the Detections log to show all detections. Besides, what is the benefit of hiding some of the detections? Please try to keep the GUI logical!


  • Administrators

On-demand scanner logs typically contain a lot of entries which do not only include threat detections but also errors (e.g. errors opening files, scanning password protected files, damaged archives, etc.). It's been designed this way since NOD32 v1 dozens of years ago and I assume 99% if not 100% of AVs log detections just like that.

Moreover, on-demand scans should not normally detect anything if an initial scan was run, all protection modules have been active and modules have been kept up to date.

 

 


17 hours ago, Marcos said:

Moreover, on-demand scans should not normally detect anything if an initial scan was run, all protection modules have been active and modules have been kept up to date.

@Marcos You make it sound as if on-demand scans are only useful for people who interfere with EIS doing its work, but I'm not aware of any interference from my side, on the contrary. Apparently the Win32/Filecoder.GrandCrab trojans that the on-demand scan found in my case, were not recognized by EIS when the files containing them were written to the hard drive a day earlier. So I guess I was lucky that the on-demand scan recognized them before they could do any harm.


34 minutes ago, AGH1965 said:

Apparently the Win32/Filecoder.GrandCrab trojans that the on-demand scan found in my case, were not recognized by EIS when the files containing them were written to the hard drive a day earlier.

If they were script based, PowerShell for example, and the script was encrypted, obfuscated, etc., Eset would not have detected it at file creation time. If you are running Win 10, Eset most likely would have detected it when the script was executed.

As far as your case where a later on demand scan detected the ransomware, it is assumed Eset had blacklisted it or created a sig. for it after the time it was downloaded to your HDD. So if it was subsequently executed a day later regardless of on demand scan status, Eset would have detected it upon start up.
