˄˅

Provided data

All the WMI classes related to ESET product are located in the “root\ESET“ namespace. The following classes, which are described in more detail below, are currently implemented:

General

•ESET_Product

•ESET_Features

•ESET_Statistics

Logs

•ESET_ThreatLog

•ESET_EventLog

•ESET_ODFileScanLogs

•ESET_ODFileScanLogRecords

•ESET_ODServerScanLogs

•ESET_ODServerScanLogRecords

•ESET_HIPSLog

•ESET_URLLog

•ESET_DevCtrlLog

•ESET_GreylistLog

•ESET_MailServeg

•ESET_HyperVScanLogs

•ESET_HyperVScanLogRecords

ESET_Product class

There can only be one instance of the ESET_Product class. Properties of this class refer to basic information about your installed ESET product:

•ID – Product type identifier, for example, “emsl”

•Name - Name of the product, for example, "ESET Mail Security"

•FullName - Full name of the product, for example, "ESET Mail Security for IBM Domino"

•Version - Product version, for example, "6.5.14003.0"

•VirusDBVersion - Version of the virus database, for example, "14533 (20161201)"

•VirusDBLastUpdate - Timestamp of the last update of the virus database. The string contains the timestamp in WMI datetime format. for example, “20161201095245.000000+060”

•LicenseExpiration - License expiration time. The string contains timestamp in WMI datetime format

•KernelRunning - Boolean value indicating whether the ekrn service is running on the machine, for example, “TRUE”

•StatusCode - Number indicating the protection status of the product: 0 - Green (OK), 1 - Yellow (Warning), 2 - Red (Error)

•StatusText - Message describing the reason for a non-zero status code, otherwise it is null

ESET_Features class

The ESET_Features class has multiple instances, depending on the number of product features. Each instance contains:

•Name - Name of the feature (list of names is provided below)

•Status - Status of the feature: 0 - inactive, 1 - disabled, 2 - enabled

A list of strings representing currently recognized product features:

•CLIENT_FILE_AV - Real-time file system anti-virus protection

•CLIENT_WEB_AV - Client web anti-virus protection

•CLIENT_DOC_AV - Client document anti-virus protection

•CLIENT_NET_FW - Client personal firewall

•CLIENT_EMAIL_AV - Client email anti-virus protection

•CLIENT_EMAIL_AS - Client email anti-spam protection

•SERVER_FILE_AV - Real-time anti-virus protection of files on the protected file server product, for example, files in SharePoint’s content database in the case of ESET Server Security

•SERVER_EMAIL_AV - Anti-virus protection of emails of protected server product, for example, emails in Microsoft Exchange or IBM Domino

•SERVER_EMAIL_AS - Anti-spam protection of emails of protected server product, for example, emails in Microsoft Exchange or IBM Domino

•SERVER_GATEWAY_AV - Anti-virus protection of protected network protocols on the gateway

•SERVER_GATEWAY_AS - Anti-spam protection of protected network protocols on the gateway

ESET_Statistics class

The ESET_Statistics class has multiple instances, depending on the number of scanners in the product. Each instance contains:

•Scanner - String code for the specific scanner, for example, “CLIENT_FILE”

•Total - Total number of files scanned

•Infected - Number of infected files found

•Cleaned - Number of cleaned files

•Timestamp - Timestamp of the last change of this statistics. In WMI datetime format, for example, “20130118115511.000000+060”

•ResetTime - Timestamp of when the statistics counter was last reset. In WMI datetime format, for example, “20130118115511.000000+060”

List of strings representing currently recognized scanners:

•CLIENT_FILE

•CLIENT_EMAIL

•CLIENT_WEB

•SERVER_FILE

•SERVER_EMAIL

•SERVER_WEB

ESET_ThreatLog class

The ESET_ThreatLog class has multiple instances, each one representing a log record from the “Detected threats” log. Each instance contains:

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•LogLevel - severity of the log record expressed as a number in the [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

•Scanner - Name of the scanner that created this log event

•ObjectType - Type of object that produced this log event

•ObjectName - Name of the object that produced this log event

•Threat - Name of the threat that has been found in the object described by ObjectName and ObjectType properties

•Action - Action performed after the threat was identified

•User - User account that caused this log event to be generated

•Information - Additional description of the event

•Hash - Hash of the object that produced this log event

ESET_EventLog

The ESET_EventLog class has multiple instances, each one representing a log record from the “Events” log. Each instance contains:

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

•Module - Name of the module that created this log event

•Event - Description of the event

•User - User account that caused this log event to be generated

ESET_ODFileScanLogs

The ESET_ODFileScanLogs class has multiple instances, each one representing an on-demand file scan record. This is equivalent to the GUI “On-demand computer scan” list of logs. Each instance contains:

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•Targets - Target folders/objects of the scan

•TotalScanned - Total number of objects scanned

•Infected - Number of infected objects found

•Cleaned - Number of objects cleaned

•Status - Status of the scan process

ESET_ODFileScanLogRecords

The ESET_ODFileScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODFileScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:

•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ODFileScanLogs class)

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

•Log - The actual log message

ESET_ODServerScanLogs

The ESET_ODServerScanLogs class has multiple instances, each one representing a run of the on-demand server scan. Each instance contains:

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•Targets - Target folders/objects of the scan

•TotalScanned - Total number of objects scanned

•Infected - Number of infected objects found

•Cleaned - Number of objects cleaned

•RuleHits - Total number of rule hits

•Status - Status of the scan process

ESET_ODServerScanLogRecords

The ESET_ODServerScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODServerScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:

•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ ODServerScanLogs class)

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Log - The actual log message

ESET_SmtpProtectionLog

The ESET_SmtpProtectionLog class has multiple instances, each one representing a log record from the “Smtp protection” log. Each instance contains:

•ID - Unique ID of this scan log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•HELODomain - Name of the HELO domain

•IP - Source IP address

•Sender - Email sender

•Recipient - Email recipient

•ProtectionType - Type of protection used

•Action - Action performed

•Reason - Reason for action

•TimeToAccept - Number of minutes after which the email will be accepted

ESET_HIPSLog

The ESET_HIPSLog class has multiple instances, each one representing a log record from the “HIPS” log. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Application - Source application

•Target - Type of operation

•Action - Action taken by HIPS, e.g. allow, deny, etc.

•Rule - Name of the rule responsible for the action

•AdditionalInfo

ESET_URLLog

The ESET_URLLog class has multiple instances, each one representing a log record from the “Filtered websites” log. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•URL - The URL

•Status - What happened to URL, e.g. "Blocked by Web control"

•Application - Application that tried to access the URL

•User - User account the application was running under

ESET_DevCtrlLog

The ESET_DevCtrlLog class has multiple instances, each one representing a log record from the “Device control” log. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Device - Device name

•User - User account name

•UserSID - User account SID

•Group - User group name

•GroupSID - User group SID

•Status - What happened to the device, e.g. "Writing blocked"

•DeviceDetails - Additional info regarding the device

•EventDetails - Additional info regarding the event

ESET_MailServerLog

The ESET_MailServerLog class has multiple instances, each one representing a log record from the “Mail server” log. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•IPAddr - Source IP address

•HELODomain - Name of the HELO domain

•Sender - Email sender

•Recipient - Email recipient

•Subject - Email subject

•ProtectionType - Protection type that has performed the action described by the current log record, i.e. malware, antispam or rules.

•Action - Action performed

•Reason - The reason why was the action performed on the object by the given ProtectionType.

ESET_HyperVScanLogs

The ESET_HyperVScanLogs class has multiple instances, each one representing a run of the Hyper-V file scan. This is equivalent to the GUI “Hyper-V scan” list of logs. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Targets - Target machines/disks/volumes of the scan

•TotalScanned - Total number of objects scanned

•Infected - Number of infected objects found

•Cleaned - Number of objects cleaned

•Status - Status of the scan process

ESET_HyperVScanLogRecords

The ESET_HyperVScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_HyperVScanLogs class. Instances of this class provide log records of all the Hyper-V scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:

•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_HyperVScanLogs class)

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Log - The actual log message

ESET_NetworkProtectionLog

The ESET_NetworkProtectionLog class has multiple instances, each one representing a log record from the “Network protection” log. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Event - Event triggering network protection action

•Action - Action performed by network protection

•Source - Source address of network device

•Target - Destination address of network device

•Protocol - Network communication protocol

•RuleOrWormName - Rule or worm name related to the event

•Application - Application that initiated the network communication

•User - User account that caused this log event to be generated

ESET_SentFilesLog

The ESET_SentFilesLog class has multiple instances, each one representing a log record from the “Sent files” log. Each instance contains:

•ID - Unique ID of this log record

•Timestamp - Creation timestamp of the log record (in the WMI date/time format)

•Sha1 - Sha-1 hash of sent file

•File - Sent File

•Size - Sent file size

•Category - Sent file category

•Reason - Reason of sending the file

•SentTo - ESET department the file was sent to

•User - User account that caused this log event to be generated

ESET_OneDriveScanLogs

The ESET_OneDriveScanLogs class has multiple instances, each one representing a run of the OneDrive scan. This is equivalent to the GUI “OneDrive scan” list of logs. Each instance contains:

•ID - Unique ID of this OneDrive log

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•Targets - Target folders/objects of the scan

•TotalScanned - Total number of objects scanned

•Infected - Number of infected objects found

•Cleaned - Number of objects cleaned

•Status - Status of the scan process

ESET_OneDriveScanLogRecords

The ESET_OneDriveScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_OneDriveScanLogs class. Instances of this class provide log records of all the OneDrive scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each instance contains:

•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_OneDriveScanLogs class)

•ID - Unique ID of this OneDrive log

•Timestamp - Creation timestamp of the log (in the WMI date/time format)

•Log - The actual log message

˄˅