Help read Log Collector output


Hello,

I am troubleshooting Mac users who reported that some Office functionalities are not working when the ES personal firewall is enabled. Since there are no events under 'Detections and quarantine' (although 'Log all blocked connections' is enabled), I ran the Log collector remotely through the ESMC interface.

I tried to review the 'Firewalllog' found in the 'esets_logs' folder, however the log file seems to be a binary file. Is there a tool I need to have installed in order to open the .dat file and check the firewall activity? 

Thank you in advance!


  • Administrators

The dat files are intended for analysis by ESET staff. The only way to view the dat files is by replacing the original dat files, e.g. in a virtual machine.


38 minutes ago, Marcos said:

The dat files are intended for analysis by ESET staff. The only way to view the dat files is by replacing the original dat files, e.g. in a virtual machine.

Thank you for the prompt reply. 

I understand. In your opinion, what would be the best way to troubleshoot firewall-related issues on my own then? Is there a way for me to look at the firewall activity for a specific system using the ESMC?

We are just starting the deployment and I believe that this issue with MS Teams is just the beginning so I am looking for a way to quickly identify what exactly was blocked on an endpoint in order to start building firewall rules. 

Edited by Kostadin_k

  • Administrators

To troubleshoot firewall related issues when pausing the firewall helps, use the firewall troubleshooting wizard (available only on Windows).

On Mac you can try switching to interactive mode and creating rules when asked about network communication.


16 minutes ago, Marcos said:

To troubleshoot firewall related issues when pausing the firewall helps, use the firewall troubleshooting wizard (available only on Windows).

On Mac you can try switching to interactive mode and creating rules when asked about network communication.

Thank you, just one last question - Are Macs supposed to report blocked connections in the 'detection and quarantine' section like Windows devices do? 

Yes, interactive mode is an option, but I can't really rely on users to understand what they are allowing. I guess they will just allow everything.


  • Administrators
  • Solution

Blocked connections are not reported on Windows either unless you enable logging of blocked communication in the advanced firewall setup. Even then blocked connections are reported in the Network protection log, not in the Detections log or quarantine.

On Mac it's possible to enable logging of blocked connections, which are then logged in the firewall log.

