
Reporting - ESET Protect report that shows all definition updates for a single machine



Hi all,

I'm finding the reporting in ESET Protect a little bit stunted, and wondering if it's me or the product that's at fault here. 

We want to generate an "Antivirus Definitions Updated" report on an ad-hoc basis that would be filterable by "Computer Name" and "Data of Occurrence", and have the report show the time/date stamp, detection engine database version and database date.

I can create such a report, but it only gives me the current database version/date, not the database versions updated throughout the day and the date/time they were updated.

For example (data added here is made up) we want to see:

Computer001, 28540P, January 9th 2024 14:00
Computer001, 28539P, January 9th 2024 12:20
Computer001, 28538P, January 9th 2024 11:10
Computer001, 28526P, January 8th 2024 17:00


Currently, my report will only give me 1 line, which would be the last time the machine updated its database, even though it may have updated multiple times in a day. Example:

Computer001, 28540P, January 9th 2024 14:00

It seems a huge oversight to not be able to report on historical data like this, so guessing it's down to me setting up the report wrong?

Can anyone help with this, as our PCI DSS assessor needs to see each occurrence of the definition files being updated in a day, not just that it is up to date.

Many thanks in advance.

Edited by StooIT

  • Administrators

It is not possible to generate a report with the history of particular module updates. Honestly there's not much sense in checking the engine version since detections are updated every 10 minutes via streamed (pico) updates that are not logged whatsoever.


These events are logged in the ESET endpoint products under Log Files/Events (ESET Kernel). I find it surprising that these events are not centrally logged on the Protect server for reporting. An example of which (from a workstation) is attached.

Seeing as PCI DSS requires logging and reporting of these updates, I guess we'll have to rethink our endpoint security provider. 

 

 

image.png
