AGH1965

Log files - Detections not functioning in EIS 12.1.31.0

This week EIS 12.1.31.0 discovered two trojans while scanning. Although I interrupted the scan and didn't give EIS a chance to get rid of the trojans, I was surprised that Log files - Detections didn't show any detections at all. I assumed that it was caused by the interruption. Therefore I let EIS scan the folder containing the trojans again and when they were found again, I let EIS remove them. However, even after that, Log files - Detections didn't show any detections. On the other hand, Log files - Computer scans clearly showed that there were detections. It seems to me that Log files - Detections is no longer functioning in EIS 12.1.31.0.

Quote

This week EIS 12.1.31.0 discovered two trojans while scanning

What scanner detected the malware? If it was the on-demand or idle-state scanner, you must check the Computer scan logs for results. If it was other scanners (real-time, email, AMS, etc.), then the Detection log should be checked for details.


@Marcos Are you saying that detections from a scheduled scan will never appear in the Detections log? ESET Online Help says: "This log offers detailed information about detections and infiltrations detected by ESET Internet Security." No sign of distinction between scanners. Therefore I expect the Detections log to show all detections. Besides, what is the benefit of hiding some of the detections? Please try to keep the GUI logical!


On-demand scanner logs typically contain a lot of entries which do not only include threat detections but also errors (e.g. errors opening files, scanning password protected files, damaged archives, etc.). It's been designed this way since NOD32 v1 dozens of years ago and I assume 99% if not 100% of AVs log detections just like that.

Moreover, on-demand scans should not normally detect anything if an initial scan was run, all protection modules have been active and modules have been kept up to date.

 

 


17 hours ago, Marcos said:

Moreover, on-demand scans should not normally detect anything if an initial scan was run, all protection modules have been active and modules have been kept up to date.

@Marcos You make it sound as if on-demand scans are only useful for people who interfere with EIS doing its work, but I'm not aware of any interference from my side, on the contrary. Apparently the Win32/Filecoder.GrandCrab trojans that the on-demand scan found in my case, were not recognized by EIS when the files containing them were written to the hard drive a day earlier. So I guess I was lucky that the on-demand scan recognized them before they could do any harm.

34 minutes ago, AGH1965 said:

Apparently the Win32/Filecoder.GrandCrab trojans that the on-demand scan found in my case, were not recognized by EIS when the files containing them were written to the hard drive a day earlier.

If they were script based, PowerShell for example, and the script was encrypted, obfuscated, etc., Eset would not have detected it at file creation time. If you are running Win 10, Eset most likely would have detected it when the script was executed.

As far as your case where a later on demand scan detected the ransomware, it is assumed Eset had blacklisted it or created a sig. for it after the time it was downloaded to your HDD. So if it was subsequently executed a day later regardless of on demand scan status, Eset would have detected it upon start up.
