Jump to content

Scan progress on client tasks


j-gray
 Share

Recommended Posts

I'm running a task on 6 clients to remove 'Active Threats'.  From Client Tasks, I can see the task started and is presumably still running. However, one client finished the full/in-depth scan in 1 hour, yet the other 5 are apparently still scanning after 3+ hours.

 

Is there any way to tell percent scanned/percent remaining, time to estimated completion, or anything that indicates progress for each client?  

Link to comment
Share on other sites

Can you RDP or team viewer etc to the client and double click the eset icon, as that will show you what scans are in progress.

Thanks for the reply.

 

Looks like they're all offline now and they're remote, so I don't have access at the moment.

 

Oddly, the client task still shows that status as 'Running'.

 

The workstations have likely been off close to an hour and our RA agent connection policy is set to every 60 seconds, so I'm not sure why the task status is not updating correctly.

 

Either way, if the scans take this long to complete, I'm not sure we'll ever clear the 'Active Threat' statuses.

Link to comment
Share on other sites

  • Administrators

It could be that the computers were shut down when the scan was still running or it crashed for some reason and thus agent did not report it as completed. I'd suggest checking it directly in the Endpoint scan log when the user gets online.

Link to comment
Share on other sites

It could be that the computers were shut down when the scan was still running or it crashed for some reason and thus agent did not report it as completed. I'd suggest checking it directly in the Endpoint scan log when the user gets online.

What is the expected behavior when the workstations come back online?  Will the scan resume, or will it simply trigger a failed status in the RA console once the agent reports back?

Link to comment
Share on other sites

It could be that the computers were shut down when the scan was still running or it crashed for some reason and thus agent did not report it as completed. I'd suggest checking it directly in the Endpoint scan log when the user gets online.

Which log file are you referring to and where is it located?  I'm looking at the trace.log file, which looks pretty cryptic. It doesn't seem to reflect the correct time, either.

Link to comment
Share on other sites

I mean "Computer scan" logs in Endpoint on the client. These should use the local time.

Quite a few seem to be failing and logging in to each workstation to launch and check the endpoint GUI is not feasible.

 

Are the log files located in a directory where they can be viewed without requiring the GUI? If so, where are they located?

Link to comment
Share on other sites

  • ESET Moderators

They are saved in a .dat file which is not in a plain text format.

The folder is C:\ProgramData\ESET\<product name>\Logs

Link to comment
Share on other sites

They are saved in a .dat file which is not in a plain text format.

The folder is C:\ProgramData\ESET\<product name>\Logs

Can these client logs be viewed at all via the Remote Administration server?

 

Or is there any other way to view logs and/or troubleshoot the client without having to remote into individual systems?

Link to comment
Share on other sites

Nope. Client logs are not fetched at all by the server. Same goes for the actual Remote Administration server as well: the Web Console does not pull the logs, even if the Web Console is installed on the same server as the ERAS.

 

It makes troubleshooting from either end, client-side and server-side, a pain in the . 

Link to comment
Share on other sites

Or is there any other way to view logs and/or troubleshoot the client without having to remote into individual systems?

 

 

Your only options are to have the clients send you the logs or you physically walk over to the computer. 

Link to comment
Share on other sites

  • ESET Moderators

Can these client logs be viewed at all via the Remote Administration server?

 

Or is there any other way to view logs and/or troubleshoot the client without having to remote into individual systems?

 

When you create reports in ERA, the Agent then reads data from these logs, sends them to ERA and the information can then be viewed and analyzed.

Link to comment
Share on other sites

  • 1 month later...

I'm running a task on 6 clients to remove 'Active Threats'.  From Client Tasks, I can see the task started and is presumably still running. However, one client finished the full/in-depth scan in 1 hour, yet the other 5 are apparently still scanning after 3+ hours....

 

I'm running ERA 6.2 and I have noticed the same behavior for many of my computers.  There is a dynamic task in the "client tasks" which will run an "in-depth with cleaning" scan on any computer that is placed in the group "computers with active threats".  My Surface Pro 2 was the first and only ESET 6 Agent enabled computer while testing and I noticed that my laptop was running something idiotic like 5 scans a the same time.

I'm very mobile as well so when I move from my docking station to wireless and then back, I noticed another scan started up.  This is after it had finished the 5 previous scans... then a few more scans would start.

I thought my laptop was also starting scans when unlocking so I tried turning down the "startup scan" settings (since you cannot turn OFF the startup scan).

 

The dynamic scan for the group "computers with active threats" when computers are added to the group has some kind of flaw in ERA.  If the computer does not clear the threats, then it starts another scan, then another, then another.

I have a few machines that had 24 separate scans run in the course of 1 day.  All because of the something like ASK TOOLBAR.

They are not fast scans either of course and take up to 1hr each because they are "in-depth"

 

Deleting this dynamic task will stop the multi-scanning... sort of.  There is still times when I notice my laptop running 2 scans at the same time and I think it has to do with the startup scan or somehow thinking that my changing network connections is causing a scan to start. So now I have to check ERA every couple of days and run a manual "in-depth" scan on every computer in the list which has something benign like ASK which gets pushed alongside of Java updates.

 

It's just ridiculous though.  I can't figure out where all these scans are coming from.

Edited by genopsyde
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...