stevemaser, posted March 31, 2014

So, we are evaluating "System Center 2012 Endpoint Protection" -- which is Microsoft's purchase/rebranding of ESET.

We are finding that having the "Real-Time File System Protection" enabled -- even with Tools --> Logs -- Computer Scan Log Records Default Filter having all checkboxes disabled -- that the "scep_daemon" is logging an excessive amount of data when users are running Mail.app, Safari, Calendar, etc... (example):

scep_daemon[310]: summ[01360a00]: vdb=17694, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail 2)/BackingStoreUpdateJournal", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"

However, I'm not here to ask about SCEP. But, noticing the above, we got a trial version of ESET 6.0.9.1 -- and we are seeing the same excessive logging (this time with esets_daemon) in system.log for the same actions (so it's not specifically an SCEP problem...)

Is there a way to disable this excessive logging to system.log with the RTFSP enabled? This excessive logging generates a ton of noise when we are looking into system.log for other things.

Thanks!

stevemaser, posted April 2, 2014

No response to this from anybody? Is this just expected behavior with ESET?

SweX, posted April 2, 2014

> Is this just expected behavior with ESET?

No, it's not. Personally, I didn't respond since I don't know the answer. And I don't know why no one official has responded yet, but it happens; it goes days sometimes. But as I said, I don't know why no one has responded. But I agree someone should have responded by now.

Arakasi, posted April 2, 2014

I read over this as well and I was not sure what to answer with.

First off, I didn't know Microsoft made SCEP with ESET definitions. Is it using their modules as well? Anti-phishing, web control, etc.? I must have missed the ESET press release on that one. Maybe a Mod will answer this question too.

Second, the only closely related issue I have heard of is the environment variable eset_daemon causing several issues due to the index, or data having a few thousand null characters or spaces. Check the environment variables for scep_daemon on one of the clients and see if it exists and what the data or value is.

The fastest way to receive support in time-sensitive cases is to contact ESET by phone. However, if you stick around, I am confident staff will address your concerns. They may be testing through a VM together, or researching the matter at hand before responding or replying here with steps or a resolution to your problem.

Thanks and sorry for the delay, Steve.

stevemaser, posted April 3, 2014 (edited April 3, 2014 by stevemaser)

Just to confirm: This is not an SCEP issue. This also happens with ESET 6.0:

Here's an example of just one minute of using my Mac as normal and what gets logged (if I grep "esets_daemon"...)

Apr 3 08:50:08 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130700]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/C/com.apple.mail/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:11 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130c00]: vdb=17707, agent=fac, name="/Users/maser/Library/Caches/.dat023f.001", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:17 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130800]: vdb=17707, agent=fac, name="/Users/maser/Library/Preferences/com.apple.AddressBook.plist.gS4qOzE", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:34 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130600]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/Mail Attachment.ics", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:34 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130500]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/invite.ics", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:34 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130700]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/4697752104 (18 seconds) Voice Mail.mp3", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:39 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130700]: vdb=17707, agent=fac, name="/Users/maser/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail.plist.npeH6kP", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:47 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130c00]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/Senior Picture Release_04012014144714.pdf", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:47 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130600]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/Senior Picture Office Flyer_04012014144735.pdf", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:47 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130800]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/system.log", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:53 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130600]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/Senior Picture Release_04012014144714.pdf", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:53 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130300]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/Senior Picture Office Flyer_04012014144735.pdf", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:53 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130b00]: vdb=17707, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv8m7xf9l/T/com.apple.mail/TemporaryItems/(A Document Being Saved By Mail)/DETAILS.doc", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:57 m-c02hw55bdrvg.local esets_daemon[275]: summ[01130800]: vdb=17707, agent=fac, name="/Users/maser/Library/Mail/V2/MailData/BackingStoreUpdateJournal", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"

There is a *lot* of this kind of logging...

dixon1dw, posted April 9, 2014

Any updates on this from ESET support? Really looking to hear a response from ESET regarding this issue.

Thank You

stevemaser, posted April 14, 2014

It's been another week (actually over two weeks since the initial post) -- and nothing?

I have to say -- if this is how users are supposed to get support for the product -- it's underwhelming and not very confidence-inducing...

Marcos (Administrators), posted April 15, 2014

Please contact Customer care who should request you to run a special script to collect all necessary information that will be subsequently passed to engineers for analysis.

stevemaser, posted April 15, 2014

OK. I'll try that route... Thanks.

JamesR (ESET Staff), posted May 2, 2014

Hello,

In some testing I and another did today, we believe we may have found the solution you are looking for. Can you execute the 2 following commands from a terminal and then reboot? As you are using the "Microsoft's purchase/rebranding of ESET" you may need to locate the "esets_set" command and change the file path to reflect the path to your "esets_set". Please inform us if this works to filter all the esets entries in your system.log.

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class=none
    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

If for some reason the commands are giving syntax errors, please let me know the following information:

- The Mac OS X version
- Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)
- The version number for your CyberSecurity product (5 or 6).

We may need to adjust the folder path depending on your installed ESET product. Again, please reply to this thread to let us know if this resolves the issue.

AlexJ (Former ESET Employees), posted May 5, 2014

After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file.

Please ensure the previous syslog_class option is commented out or removed from the esets.cfg file. You can do this by running the following command:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

After that please run the command below to add syslog_facility=none to the global section of the esets.cfg file:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

Please submit replies to the following thread so we can consolidate https://forum.eset.com/topic/2324-how-to-disable-systemlog-logging/

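Added example (not part of the thread and not ESET tooling): because syslog_facility=none turns off every ESET entry in system.log, this Python sketch measures how much of the stream is the routine "newly created file" noise and which daemon lines are not, and can be rerun after the change to confirm nothing is left. The function names and the "routine" rule (empty virus and action, avstatus "not scanned") are assumptions drawn from the lines quoted above.

```python
import re
from collections import Counter

# Constructed sample: the first three lines follow the format quoted in the thread;
# the detection line and the kernel line are invented placeholders, not real output.
SAMPLE = '''\
Apr 3 08:50:11 host.local esets_daemon[275]: summ[01130c00]: vdb=17707, agent=fac, name="/Users/maser/Library/Caches/.dat023f.001", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:17 host.local esets_daemon[275]: summ[01130800]: vdb=17707, agent=fac, name="/Users/maser/Library/Preferences/com.apple.AddressBook.plist.gS4qOzE", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:20 host.local scep_daemon[310]: summ[01360a00]: vdb=17694, agent=fac, name="/tmp/a, virus=x/BackingStoreUpdateJournal", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
Apr 3 08:50:30 host.local esets_daemon[275]: summ[01130700]: vdb=17707, agent=fac, name="/tmp/placeholder.bin", virus="PLACEHOLDER-DETECTION", action="placeholder", info="", avstatus="placeholder", hop="accepted"
Apr 3 08:50:40 host.local kernel[0]: placeholder unrelated message
'''

SUMM_RE = re.compile(r'\b(esets_daemon|scep_daemon)\[\d+\]: summ\[[0-9a-f]+\]: (.*)$')
# Assumption: quoted values never contain an embedded double quote.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

def parse_summ(line):
    """Return (daemon, fields) for an esets_daemon/scep_daemon 'summ' line, else None."""
    m = SUMM_RE.search(line)
    if not m:
        return None
    fields = {}
    # Quoted values are consumed whole, so 'key=' text inside a file name is ignored.
    for f in FIELD_RE.finditer(m.group(2)):
        fields[f.group(1)] = f.group(2) if f.group(2) is not None else f.group(3)
    return m.group(1), fields

def is_routine(fields):
    # A missing field compares unequal, so malformed lines are kept, not discarded.
    return (fields.get("virus") == "" and fields.get("action") == ""
            and fields.get("avstatus") == "not scanned")

def triage(lines):
    """Return (noise counts per daemon/info, daemon lines to keep, count of other lines)."""
    noise, keep, other = Counter(), [], 0
    for line in lines:
        parsed = parse_summ(line)
        if parsed is None:
            other += 1
        elif is_routine(parsed[1]):
            noise[(parsed[0], parsed[1].get("info", ""))] += 1
        else:
            keep.append(line)
    return noise, keep, other

if __name__ == "__main__":
    noise, keep, other = triage(SAMPLE.splitlines())
    print(dict(noise), f"kept={len(keep)}", f"other={other}")
    print(*keep, sep="\n")
```

To run it against a real log, pass an open file handle for system.log to `triage()` instead of the sample.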