Scan progress on client tasks

j-gray · September 24, 2015

I'm running a task on 6 clients to remove 'Active Threats'. From Client Tasks, I can see the task started and is presumably still running. However, one client finished the full/in-depth scan in 1 hour, yet the other 5 are apparently still scanning after 3+ hours.

Is there any way to tell percent scanned/percent remaining, time to estimated completion, or anything that indicates progress for each client?

j-gray · September 24, 2015

Scans are still running after almost 6 hours, according to RA console. Is this normal for 500GB hard drives?

jimwillsher · September 24, 2015

Can you RDP or team viewer etc to the client and double click the eset icon, as that will show you what scans are in progress.

j-gray · September 24, 2015

Can you RDP or team viewer etc to the client and double click the eset icon, as that will show you what scans are in progress.

Thanks for the reply.

Looks like they're all offline now and they're remote, so I don't have access at the moment.

Oddly, the client task still shows that status as 'Running'.

The workstations have likely been off close to an hour and our RA agent connection policy is set to every 60 seconds, so I'm not sure why the task status is not updating correctly.

Either way, if the scans take this long to complete, I'm not sure we'll ever clear the 'Active Threat' statuses.

Marcos · September 24, 2015

It could be that the computers were shut down when the scan was still running or it crashed for some reason and thus agent did not report it as completed. I'd suggest checking it directly in the Endpoint scan log when the user gets online.

jimwillsher · September 25, 2015

exactly. If the client computers were shut down, they won't check-in and therefore they can't update the status in ERA.

j-gray · September 25, 2015

It could be that the computers were shut down when the scan was still running or it crashed for some reason and thus agent did not report it as completed. I'd suggest checking it directly in the Endpoint scan log when the user gets online.

What is the expected behavior when the workstations come back online? Will the scan resume, or will it simply trigger a failed status in the RA console once the agent reports back?

j-gray · September 28, 2015

It could be that the computers were shut down when the scan was still running or it crashed for some reason and thus agent did not report it as completed. I'd suggest checking it directly in the Endpoint scan log when the user gets online.

Which log file are you referring to and where is it located? I'm looking at the trace.log file, which looks pretty cryptic. It doesn't seem to reflect the correct time, either.

jimwillsher · September 28, 2015

Remember that the log files have times stored in UTC time.

Marcos · September 29, 2015

I mean "Computer scan" logs in Endpoint on the client. These should use the local time.

j-gray · September 29, 2015

I mean "Computer scan" logs in Endpoint on the client. These should use the local time.

Quite a few seem to be failing and logging in to each workstation to launch and check the endpoint GUI is not feasible.

Are the log files located in a directory where they can be viewed without requiring the GUI? If so, where are they located?

j-gray · October 1, 2015

Are the log files located in a directory where they can be viewed without requiring the GUI? If so, where are they located?

TomasP · October 1, 2015

They are saved in a .dat file which is not in a plain text format.

The folder is C:\ProgramData\ESET\<product name>\Logs

j-gray · October 5, 2015

They are saved in a .dat file which is not in a plain text format.

The folder is C:\ProgramData\ESET\<product name>\Logs

Can these client logs be viewed at all via the Remote Administration server?

Or is there any other way to view logs and/or troubleshoot the client without having to remote into individual systems?

bbraunstein · October 5, 2015

Nope. Client logs are not fetched at all by the server. Same goes for the actual Remote Administration server as well: the Web Console does not pull the logs, even if the Web Console is installed on the same server as the ERAS.

It makes troubleshooting from either end, client-side and server-side, a pain in the .

bbraunstein · October 5, 2015

Or is there any other way to view logs and/or troubleshoot the client without having to remote into individual systems?

Your only options are to have the clients send you the logs or you physically walk over to the computer.

TomasP · October 6, 2015

Can these client logs be viewed at all via the Remote Administration server?

Or is there any other way to view logs and/or troubleshoot the client without having to remote into individual systems?

When you create reports in ERA, the Agent then reads data from these logs, sends them to ERA and the information can then be viewed and analyzed.

genopsyde · November 12, 2015

I'm running a task on 6 clients to remove 'Active Threats'. From Client Tasks, I can see the task started and is presumably still running. However, one client finished the full/in-depth scan in 1 hour, yet the other 5 are apparently still scanning after 3+ hours....

I'm running ERA 6.2 and I have noticed the same behavior for many of my computers. There is a dynamic task in the "client tasks" which will run an "in-depth with cleaning" scan on any computer that is placed in the group "computers with active threats". My Surface Pro 2 was the first and only ESET 6 Agent enabled computer while testing and I noticed that my laptop was running something idiotic like 5 scans a the same time.

I'm very mobile as well so when I move from my docking station to wireless and then back, I noticed another scan started up. This is after it had finished the 5 previous scans... then a few more scans would start.

I thought my laptop was also starting scans when unlocking so I tried turning down the "startup scan" settings (since you cannot turn OFF the startup scan).

The dynamic scan for the group "computers with active threats" when computers are added to the group has some kind of flaw in ERA. If the computer does not clear the threats, then it starts another scan, then another, then another.

I have a few machines that had 24 separate scans run in the course of 1 day. All because of the something like ASK TOOLBAR.

They are not fast scans either of course and take up to 1hr each because they are "in-depth"

Deleting this dynamic task will stop the multi-scanning... sort of. There is still times when I notice my laptop running 2 scans at the same time and I think it has to do with the startup scan or somehow thinking that my changing network connections is causing a scan to start. So now I have to check ERA every couple of days and run a manual "in-depth" scan on every computer in the list which has something benign like ASK which gets pushed alongside of Java updates.

It's just ridiculous though. I can't figure out where all these scans are coming from.

Edited November 12, 2015 by genopsyde

Sign In

Scan progress on client tasks

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics