
Reporting - ESET Protect report that shows all definition updates for a single machine



Hi all,

I'm finding the reporting in ESET Protect a little bit stunted, and wondering if it's me or the product that's at fault here. 

We want to generate an "Antivirus Definitions Updated" report on an ad-hoc basis that would be filterable by "Computer Name" and "Data of Occurrence", and the report would show the time/date stamp, detection engine database version and database date.

I can create such a report, but it only gives me the current database version/date, not the database versions updated throughout the day and the date/time they were updated.

For example (data added here is made up) we want to see:

Computer001, 28540P, January 9th 2024 14:00
Computer001, 28539P, January 9th 2024 12:20
Computer001, 28538P, January 9th 2024 11:10
Computer001, 28526P, January 8th 2024 17:00


Currently, my report will only give me 1 line, which would be the last time the machine updated its database, even though it may have updated multiple times in a day. Example:

Computer001, 28540P, January 9th 2024 14:00

It seems a huge oversight to not be able to report on historical data like this, so guessing it's down to me setting up the report wrong?

Can anyone help with this, as our PCI DSS assessor needs to see each occurrence of the definition files being updated in a day, not just that it is up to date.

Many thanks in advance.

Edited by StooIT

  • Administrators

It is not possible to generate a report with the history of particular module updates. Honestly there's not much sense in checking the engine version since detections are updated every 10 minutes via streamed (pico) updates that are not logged whatsoever.


These events are logged in the ESET endpoint products under Log Files/Events (ESET Kernel). I find it surprising that these events are not centrally logged on the Protect server for reporting. An example of which (from a workstation) is attached.

Seeing as PCI DSS requires logging and reporting of these updates, I guess we'll have to rethink our endpoint security provider. 

 

 

image.png


This topic is now closed to further replies.