Log files

Log files contain information about important program events and provide an overview of detected threats. Logging is an essential part of system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction. Information is recorded based on the current log verbosity settings. It is possible to view text messages and logs directly from the ESET NOD32 Antivirus environment, as well as to archive logs.


Log files are accessible from the main program window by clicking Tools > Log files. Select the desired log type from the Log drop-down menu. The following logs are available:

Detections – This log offers detailed information about detections and infiltrations detected by ESET NOD32 Antivirus. Log information includes the time of detection, scanner type, object type, object location, name of detection, the action taken, name of the user logged in when the infiltration was detected, hash, and first occurrence. Infiltrations that were not cleaned are always marked with red text on a light red background. Cleaned infiltrations are marked with yellow text on a white background. PUAs or Potentially unsafe applications that were not cleaned are marked with yellow text on a white background.

Events – All important actions performed by ESET NOD32 Antivirus are recorded in the event log. The event log contains information about events and errors in the program. It is designed for system administrators and users to solve problems. The information found here can often help you find a solution for a problem occurring in the program.

Computer scan – Results of all previous scans are displayed in this window. Each line corresponds to a single computer scan. Double-click any entry to view the details of the selected scan.

HIPS – Contains records of specific HIPS rules which are marked for recording. The log shows the application that triggered the operation, the result (whether the rule was permitted or prohibited) and the rule name.

Filtered websites – This list is useful if you want to view a list of websites that were blocked by Web access protection. Each log entry includes the time, URL address, user and application that created a connection to a specific website.

Device control – Contains records of removable media or devices that were connected to the computer. Only devices with respective Device control rules will be recorded to the log file. If the rule does not match a connected device, a log entry for a connected device will not be created. You can also view details such as device type, serial number, vendor name and media size (if available).

Select the contents of any log and press CTRL + C to copy it to the clipboard. Hold CTRL or SHIFT to select multiple entries.

Click Filtering to open the Log filtering window where you can define filtering criteria.

Right-click a specific record to open the context menu. The following options are available in the context menu:

Show – Shows more detailed information about the selected log in a new window.

Filter same records – After activating this filter, you will only see records of the same type (diagnostics, warnings, etc.).

Filter – After clicking this option, the Log filtering window will allow you to define filtering criteria for specific log entries.

Enable filter – Activates filter settings.

Disable filter – Clears all filter settings (as described above).

Copy/Copy all – Copies information about the selected records in the window.

Delete/Delete all – Deletes the selected records or all displayed records. This action requires administrator privileges.

Export/Export all – Exports information about the selected records or all the records in XML format.

Find/Find next/Find previous – After clicking this option, you can define filtering criteria to highlight the specific entry using the Log filtering window.

Detection description – Opens the ESET Threat Encyclopedia, which contains detailed information about the dangers and symptoms of the recorded infiltration.

Create exclusion – Creates a new Detection exclusion using a wizard (not available for malware detections).