Jump to content
jdashn

Web browsing logging - ESET File Secuirty v7X

Recommended Posts

I feel like i've seen the answer to this question in the past, but have had no luck in finding the answers.

Is there a way in ESET File Security to log all web history? (Blocked + Allowed?)

Unfortunately i've got a server where a regular user has Administrative access and i'd like to see if i can utilize ESET to log all web traffic on this machine.

Thanks!!

 

Jdashn

Share this post


Link to post
Share on other sites

That's not a good idea to log every accessed url or logs may grow to hundreds of MB very quickly and if clients had to report such enormous amount of data to the ESMC server, it would become unusable soon.

If you want to report access to websites falling under a specific category, set the warning verbosity for the appropriate web control rule.

Share this post


Link to post
Share on other sites

@Marcos

Thanks a ton for the reply!!

These would be application servers, DB servers, Domain controllers - none of which should actually be regularly using the web. So web traffic should be in 0 pages per day range. Not a machine people SHOULD be using for web activity, so i'd guess the logs would actually be very small? (or would this be logging more than i'm thinking?)

I dont want to fully block, as you never know what emergency would crop up - But obviously i'd like to monitor and make sure that we're alerted to those situations, and can ask for justification (lets say if we saw someone browsing their hotmail account on a domain controller).

Even if the data would just get logged locally, and i could grab the logs regularly and parse them outside of ESMC, i was just thinking that ESET would be the best tool for this job, since it should be monitoring all that traffic anyway.

Also, this is in relation to Eset File Security (v7.X) , i think that 'Web Control' rules are only available in the 'Endpoint' products, not the server products-- unless i'm missing something?

 

Thanks

 

Jdashn

Share this post


Link to post
Share on other sites

The following would log all visited URLs locally:

image.png

If not many URLs are visited on the server, you can set the logging severity to Warning so that the URLs are reported further to the ESMC server where you can create a new report with the data as follows:

image.png

Share this post


Link to post
Share on other sites

Awesome! Thanks for the warning, and the help!!

I had guessed that putting * in under allowed sites, could start logging, but was unsure if that would then mean that i was allowing malicious sites? I'm guessing no?

Thanks again!!!

Jdashn

Share this post


Link to post
Share on other sites

Well, you are right. If a website is blocked because malware was seen there in the past, then access to the website would be allowed. However, if there was malware recognized on the website, it would be detected and blocked. The problem is no AV detects 100% of malware and malware is actively being developed so allowing all websites on the blacklist would pose a security risk.

Share this post


Link to post
Share on other sites

Sorry to be a pain, but i want to be sure i understand before applying this to (for example) a domain controller.

If i implement the logging as you've got the example above:
If I browse to a website that ESET in the past has found malware on, and blocks for me, this would be allowed

If i browse to a website that has active malware on it, eset should find, and block this (given that it's something that it knows about and regularly blocks anyway, IE not new).

 

So i'm guessing that if i want to have a secure domain controller (one that would be more likely to block a website that could be malicious), and log web activity that happens on that domain controller you're suggesting that i may want to look to another way of logging web activity outside of ESET?

 

Share this post


Link to post
Share on other sites

That's correct. Unlike Web Control, the list of Allowed addresses in the URL management setup affects access to blacklisted websites.

Share this post


Link to post
Share on other sites

Does ESET have any suggested applications that would provide this service? (guessing not?)

Or plans to add the webcontrol feature to the Windows server protection applications sometime soon? (If not could this be put forward as a feature request?)

Thanks!!

Jdashn

Share this post


Link to post
Share on other sites

It's currently possible only via Web Control. Whether it will be included in future versions of EFFW, there are currently no such plans. I assume that it's not demanded by EFSW users. Even then, it would have to be probably included with a new product EFSW Premium or something along that line which doesn't exist yet and is not planned yet either.

Share this post


Link to post
Share on other sites

And just to be sure i'm not missing something, there is no way to install Eset AV or Security on a Windows Server OS?

No eset web control possible on a windows Server OS, right?

 

Sorry again to pester!

Thank you,

Jdashn

 

 

Share this post


Link to post
Share on other sites

I'm not sure but I assume there's currently no restriction and you could at least try installing EES on the server. Of course, this was not tested and even possible issues may not be considered bugs. Also future versions of Endpoint may not install on servers.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...