List of artifacts/Collected files
This section describes the files contained in the resulting .zip file. The description is divided into subsections based on the information type (files and artifacts).

Location / Filename | Description |
---|---|
metadata.txt | Information on the date of the .zip archive creation, ESET Log Collector version, ESET product version and basic licensing information. |
collector_log.txt | A copy of the log file from the GUI containing data up to the point when the .zip file was created. |

Windows Processes

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Running processes (open handles and loaded DLLs) | ✓ | ✓ | Windows\Processes\Processes.txt | Text file containing a list of running processes on the machine. For each process, the following items are printed: PID; Parent PID; Number of threads; Number of open handles grouped by type; Loaded modules; User account it is running under; Memory usage; Timestamp of start; Kernel and user time; I/O statistics; Command line. |
Running processes (open handles and loaded DLLs) | ✓ | ✓ | Windows\ProcessesTree.txt | Text file containing a tree of running processes on the machine. For each process, the following items are printed: PID; User account it is running under; Timestamp of start; Command line. |

Windows Logs

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Application event log | ✓ | ✓ | Windows\Logs\Application.xml | Windows Application event logs in a custom XML format. Only messages from the last 30 days are included. |
System event log | ✓ | ✓ | Windows\Logs\System.xml | Windows System event logs in a custom XML format. Only messages from the last 30 days are included. |
Security event log | ✓ | ✓ | Windows\Logs\Security.evtx | Windows Security event log file. Only messages from the last 30 days are included. |
Terminal services - LSM operational event log* | ✓ | ✓ | Windows\Logs\LocalSessionManager-Operational.evtx | Windows event log containing information about RDP sessions. |
Terminal Services - Remote Connection Manager* | ✗ | ✓ | Windows\Logs\RemoteConnectionManager-Operational.evtx | Windows event log containing information about Windows Remote Desktop connections. |
Drivers install logs | ✓ | ✗ | Windows\Logs\catroot2_dberr.txt | Information about catalogs that have been added to "catstore" during driver installation. |
SetupAPI logs* | ✓ | ✗ | Windows\Logs\SetupAPI\setupapi*.log | Device and application installation text logs. |
WMI Activity operational event log | ✓ | ✓ | Windows\Logs\WMI-Activity.evtx | Windows event log containing WMI Activity tracing data. Only messages from the last 30 days are included. |
Application event log | ✓ | ✓ | Windows\Logs\Application.evtx | Windows Application event log file. Only messages from the last 30 days are included. |
System event log | ✓ | ✓ | Windows\Logs\System.evtx | Windows System event log file. Only messages from the last 30 days are included. |
Windows PowerShell event log | ✗ | ✓ | Windows\Logs\Windows-PowerShell.evtx | Windows event log file that records details of Windows PowerShell operations. |

*Windows Vista and later

System Configuration

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Drives info | ✓ | ✓ | Windows\drives.txt; Windows\volumes.txt | Text files containing information about disk drives and volumes. |
Devices info | ✓ | ✓ | Windows\devices\*.txt; Windows\Devices\deviceTree.json | Multiple text files containing class and interface information about devices. |
Services Registry key content | ✓ | ✗ | Windows\Services.reg | Content of the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Collecting this key may be helpful for driver issues. |
Network configuration | ✓ | ✓ | Config\network.txt | Text file containing network configuration (result of executing ipconfig /all). |
Windows updates | ✓ | ✗ | Windows Updates\WinUpdates.txt | Text file containing information about Windows Updates. |
PowerShell history | ✗ | ✓ | Windows\PSHistory\{profileName}\*.* | Text files with PowerShell history in %appdata%\Microsoft\Windows\PowerShell\PSReadline\ under each profile. History is collected for PS version 5 and above, where PSReadLine should be available by default. |
.NET Framework info | | | Windows\DotNET_info.txt | Text file containing information about installed .NET Framework and .NET CLR versions. |
ESET SysInspector log | ✓ | ✓ | Config\SysInspector.esil | SysInspector log. It may contain SysInspector XML format instead, depending on the version of the SysInspector app used. |
Winsock LSP catalog | ✓ | ✓ | Config\WinsockLSP.txt | Output of the netsh winsock show catalog command. |
WFP filters* | ✓ | ✓ | Config\WFPFilters.xml | WFP filters configuration in the XML format. |
Complete Windows Registry content | ✗ | ✓ | Windows\Registry\* | Multiple binary files containing Windows Registry data. |
List of files in temporary directories | ✓ | ✓ | Windows\TmpDirs\*.txt | Multiple text files listing the content of the system's user temp directories and the %windir%/temp, %TEMP% and %TMP% directories. |
Windows scheduled tasks | ✗ | ✓ | Windows\Scheduled Tasks\*.* | Multiple XML files containing all tasks from the Windows Task Scheduler to help detect malware that exploits the Task Scheduler. Because the files are located in subfolders, the whole structure is collected. |
WMI repository | ✗ | ✓ | Windows\WMI Repository\*.* | Multiple binary files containing WMI database data (meta-information, definition and static data of WMI classes). Collecting these files may help identify malware that uses WMI for persistence (such as Turla). Because WMI files may be located in subfolders, the whole structure is collected. |
Shim databases | ✗ | ✓ | Windows\Shim Databases\*.sdb | Shim database files located in the %SystemRoot%\apppatch directory. |
Prefetch files | ✗ | ✓ | Windows\Prefetch files\*.sdb | Prefetch files located in the %SystemRoot%\Prefetch directory. |
Group Policy settings | ✓ | ✓ | Windows\GP\gpresult.html; Windows\GP\gpresult_Computer.log; Windows\GP\gpresult_User.log | A report generated by the gpresult tool, containing all information about the Resultant Set of Policy for remote users and computers. |
Microsoft Defender status* | ✓ | ✓ | Windows\Defender\service.txt | Text file containing information about the Microsoft Defender service. |
Windows Server roles & features* | ✓ | ✗ | Windows\server_features.txt | Text file containing a tree of all Windows Server features. Each feature contains the following information: Installed state; Localized name; Code name; State (available on Microsoft Windows Server 2012 and later). |

*Microsoft Windows 7 or Microsoft Windows Server 2008 R2 and later / Microsoft Defender Antivirus Service

ESET Installer

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET Installer logs | ✓ | ✗ | ESET\Installer\*.log | Installation logs created during installation of the ESET NOD32 Antivirus and ESET Smart Security 10 Premium products. |

ESET PROTECT On-prem

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET PROTECT Server logs | ✓ | ✗ | ERA\Server\Logs\RemoteAdministratorServerDiagnostic<datetime>.zip | Server product logs in a ZIP archive. It contains trace, status and last-error logs. |
ESET PROTECT Agent logs | ✓ | ✗ | ERA\Agent\Logs\RemoteAdministratorAgentDiagnostic<datetime>.zip | Agent product logs in a ZIP archive. It contains trace, status and last-error logs. |
ESET PROTECT process information and dumps* | ✗ | ✗ | ERA\Server\Process and old dump\RemoteAdministratorServerDiagnostic<datetime>.zip | Server process dump(s). |
ESET PROTECT process information and dumps* | ✗ | ✗ | ERA\Agent\Process and old dump\RemoteAdministratorAgentDiagnostic<datetime>.zip | Agent process dump(s). |
ESET PROTECT configuration | ✓ | ✗ | ERA\Server\Config\RemoteAdministratorServerDiagnostic<datetime>.zip | Server configuration and application information files in the ZIP archive. |
ESET PROTECT configuration | ✓ | ✗ | ERA\Agent\Config\RemoteAdministratorAgentDiagnostic<datetime>.zip | Agent configuration and application information files in the ZIP archive. |
ESET PROTECT Rogue Detection Sensor logs | ✓ | ✗ | ERA\RD Sensor\Rogue Detection SensorDiagnostic<datetime>.zip | A ZIP containing RD Sensor trace log, last-error log, status log, configuration, dump(s) and general information files. |
ESET PROTECT MDMCore logs | ✓ | ✗ | ERA\MDMCore\RemoteAdministratorMDMCoreDiagnostic<datetime>.zip | A ZIP containing MDMCore trace log, last-error log, status log, dump(s) and general information files. |
ESET PROTECT Proxy logs | ✓ | ✗ | ERA\Proxy\RemoteAdministratorProxyDiagnostic<datetime>.zip | A ZIP containing ERA Proxy trace log, last-error log, status log, configuration, dump(s) and general information files. |
ESET PROTECT Agent database | ✓ | ✗ | ERA\Agent\Database\data.db | ESET PROTECT Agent database file. |
Apache Tomcat configuration | ✓ | ✗ | ERA\Apache\Tomcat\conf\*.* | Apache Tomcat configuration files, including a copy of the server.xml file without sensitive information. |
Apache Tomcat logs | ✓ | ✗ | ERA\Apache\Tomcat\logs\*.log; ERA\Apache\Tomcat\EraAppData\logs\*.log; ERA\Apache\Tomcat\EraAppData\WebConsole\*.log | Apache Tomcat log(s) in text format located in the Apache Tomcat install or application directory. It also contains WebConsole logs. |
Apache HTTP Proxy configuration | ✓ | ✗ | ERA\Apache\Proxy\conf\httpd.conf | Apache HTTP Proxy configuration file. |
Apache HTTP Proxy logs | ✓ | ✗ | ERA\Apache\Proxy\logs\*.log | Apache HTTP Proxy log(s) in text format located. |

*ESET PROTECT Server or ESET PROTECT Agent

ESET Bridge

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET Bridge configuration | ✓ | ✗ | ESET Bridge\pkgid | Configuration file located in ESET Bridge installation directory. |
ESET Bridge logs | ✓ | ✗ | ESET Bridge\logs\*.* | Log files located in ESET Bridge application data directory. |
ESET Bridge dumps | ✓ | ✗ | ESET Bridge\dumps\*.* | ESET Bridge dump files. |
Nginx logs | ✓ | ✗ | ESET Bridge\Nginx\logs\*.log; ESET Bridge\Nginx\conf\*.* | Nginx log files (.key and .pfx are not collected). |

ESET Direct Endpoint Management plug-in

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
eRMMI | ✓ | ✗ | ERMMI\data\*.* | App data files that are located in the ERMMI directory. |
Endpoint Plugin for Connectwise Automate logs | ✓ | ✗ | ERMMI\EEPCA\Logs\*.* | Endpoint Plugin for Connectwise Automate log files. |
Endpoint Plugin for Connectwise Automate binaries | ✓ | ✗ | ERMMI\EEPCA\bin\*.* | Endpoint Plugin for Connectwise Automate in binary format (except .msi and .exe executables). |
Ermmi logs | ✓ | ✗ | ERMMI\logs\*.* | Log files located in the ERMMI install directory. |
Ermmi binaries | ✓ | ✗ | ERMMI\bin\*.* | Binary files located in the ERMMI install directory (except .msi and .exe executables). |

ESET Configuration

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET product configuration | ✓ | ✓ | info.xml | Informational XML that details the ESET product installed on a system. It contains basic system information, installed product information and a list of product modules. |
ESET product configuration | ✓ | ✓ | versions.csv | Since version 4.0.3.0, the file is always included (without any dependencies). It contains installed product info. versions.csv must exist in the ESET AppData directory to be included. |
ESET product configuration | ✓ | ✓ | features_state.txt | Information about ESET product features and their states (Active, Inactive, Not integrated). The file is always collected and is not tied to any selectable artifact. |
ESET product configuration | ✓ | ✓ | Configuration\product_conf.xml | XML with exported product configuration. |
ESET data and install directory file list | ✓ | ✓ | ESET\Config\data_dir_list.txt | Text file containing a list of files in the ESET AppData directory and all its subdirectories. |
ESET data and install directory file list | ✓ | ✓ | ESET\Config\install_dir_list.txt | Text file containing a list of files in the ESET Install directory and all its subdirectories. |
ESET drivers | ✓ | ✓ | ESET\Config\drivers.txt | Information about installed ESET drivers. |
ESET Personal firewall configuration | ✓ | ✓ | ESET\Config\EpfwUser.dat | Copy of the file with the ESET Personal firewall configuration. |
ESET firewall troubleshooting wizard | ✓ | ✓ | ESET\Config\epfw_troubleshooting_wizard.xml | XML file containing information about blocked local applications and remote devices. |
ESET firewall temporary IP address blacklist | ✓ | ✓ | ESET\Config\epfw_temporary_ip_address_blacklist.xml | XML file containing information about temporarily blocked IP addresses. |
ESET Registry key content | ✓ | ✓ | ESET\Config\ESET.reg | Registry key content of HKLM\SOFTWARE\ESET. |
Winsock LSP catalog | ✓ | ✓ | Config/WinsockLSP.txt | Output of the netsh winsock show catalog command. |
Last applied policy | ✓ | ✓ | ESET\Config\lastPolicy.dat | The policy applied by ESET PROTECT. |
ESET components | ✓ | ✓ | ESET\Config\msi_features.txt | Information about available ESET product MSI installer components. |
ESET License | ✓ | ✓ | ESET\Config\License\*.* | License files of the installed ESET product. |
HIPS configuration | ✓ | ✓ | ESET\Config\HipsRules.bin | HIPS rules data. |
Network Inspector configuration | ✓ | ✓ | ESET\Config\epfwdata.bin | Network Inspector configuration data. |
Connected Home configuration | ✓ | ✓ | ESET\Config\homenet.dat | Connected Home data. |

Quarantine

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Info about quarantined files | ✓ | ✓ | ESET\Quarantine\quar_info.txt | Text file with a list of quarantined objects. |
Small quarantined files (< 250KB) | ✓ | ✗ | ESET\Quarantine\*.*(< 250KB) | Quarantine files smaller than 250 KB. |
Big quarantined files (> 250KB) | ✗ | ✓ | ESET\Quarantine\*.*(> 250KB) | Quarantine files larger than 250 KB. |
Suspicious file (collected with ESET Inspect On-prem log artifact) | ✗ | ✓ | Config\SysInspector.esil | All files considered by ESET SysInspector as suspicious. |

ESET Logs

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET Events log | ✓ | ✓ | ESET\Logs\Common\warnlog.dat | ESET Product event log in binary format. |
ESET Detected threats log | ✓ | ✓ | ESET\Logs\Common\virlog.dat | ESET Detected threats log in binary format. |
ESET Computer scan logs | ✗ | ✓ | ESET\Logs\Common\eScan\*.dat | ESET Computer scan log(s) in binary format. |
ESET HIPS log* | ✓ | ✓ | ESET\Logs\Common\hipslog.dat | ESET HIPS log in binary format. |
ESET Parental control logs* | ✓ | ✓ | ESET\Logs\Common\parentallog.dat | ESET Parental control log in binary format. |
ESET Device control log* | ✓ | ✓ | ESET\Logs\Common\devctrllog.dat | ESET Device control log in binary format. |
ESET Webcam protection log* | ✓ | ✓ | ESET\Logs\Common\webcamlog.dat | ESET Webcam protection log in binary format. |
ESET Banking & Payment protection log | ✓ | ✓ | ESET\Logs\Common\bpplog.dat | ESET Banking & Payment protection log in binary format. |
ESET Blocked files log | ✓ | ✓ | ESET\Logs\Common\blocked.dat | ESET Blocked files log(s) in binary format. |
ESET Sent files log | ✓ | ✓ | ESET\Logs\Common\sent.dat | ESET Sent files log(s) in binary format. |
ESET Audit log | ✓ | ✓ | ESET\Logs\Common\audit.dat; ESET\Logs\Common\audit\*.* | ESET Audit log(s) in binary format. |
ESET Vulnerability & Patch Management log | ✓ | ✓ | ESET\Logs\Common\vapmlog.dat | ESET Vulnerability & Patch Management log in binary format. |

*Option is displayed only when the file exists.

ESET Server Line of Products Logs

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET On-demand server database scan logs | ✓ | ✓ | ESET\Logs\Common\ServerOnDemand\*.dat | ESET server On-demand log(s) in binary format. |
ESET Hyper-V server scan logs | ✓ | ✓ | ESET\Logs\Common\HyperVOnDemand\*.dat | ESET Hyper-V server scan log(s) in binary format. |
ESET OneDrive scan logs | ✓ | ✓ | ESET\Logs\Common\O365OnDemand\*.dat | ESET OneDrive scan log(s) in binary format. |

ESET Network Logs

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET Network protection log* | ✓ | ✓ | ESET\Logs\Net\epfwlog.dat | ESET Network protection log in binary format. |
ESET Filtered websites log* | ✓ | ✓ | ESET\Logs\Net\urllog.dat | ESET Websites filter log in binary format. |
ESET Web control log* | ✓ | ✓ | ESET\Logs\Net\webctllog.dat | ESET Web control log in binary format. |
ESET pcap logs | ✓ | ✗ | ESET\Logs\Net\EsetProxy*.pcapng | Copy of ESET pcap logs. |

*Option is displayed only when the file exists.

ESET Diagnostics

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Local cache database | ✗ | ✓ | ESET\Diagnostics\local.db | ESET scanned files database. |
General product diagnostics logs | ✓ | ✗ | ESET\Diagnostics\*.* | Files (mini-dumps) from ESET diagnostics folder. |
ECP diagnostic logs | ✓ | ✗ | ESET\Diagnostics\ECP\*.* | ESET Communication Protocol diagnostic logs are generated if there are problems with product activation and communication with activation servers. |
EPNS diagnostic logs | ✓ | ✗ | ESET\Diagnostics\*.* | ESET Push Notification Service diagnostic logs are generated if there are problems. |
Vulnerability & Patch Management debug logs | ✓ | ✗ | ESET\Diagnostics\Vapm\*.* | ESET Vulnerability & Patch Management diagnostic log files. |
ESET Cluster diagnostics logs | ✓ | ✗ | ESET\Diagnostics\Cluster\*.* | ESET Cluster diagnostic log files, including those located in the system temporary directory created during product installation/upgrade performed by the ESET Cluster feature. |

Update

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Product update logs | ✓ | ✗ | ESET\Update\MicroPcu\*.* | ESET product μ-PCU update files. |
Update snapshot info | ✓ | ✗ | ESET\Config\db.xml | Backup update snapshot XML file containing information about modules to a specific date. |

ESET Secure Authentication

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESA logs | ✓ | ✗ | ESA\*.log; ESA\logs\*.* | Exported log(s) from ESET Secure Authentication. |
ESA logs | ✓ | ✗ | ESA\logs\elastic\*.* | Additional ESET Secure Authentication log files. |
ESA Synchronization Agent logs | ✓ | ✗ | ESA\Synchronization Agent\*.* | Exported log(s) from the ESET Secure Authentication Synchronization Agent. The files are collected since version 4.9.0.0. |

ESET Inspect On-prem

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
EI Server logs | ✓ | ✗ | EEI\Server\Logs\*.log | Inspect Server product text logs. |
EI Connector logs | ✓ | ✗ | EEI\Agent\Logs\*.log | Inspect Connector product text logs. |
EI Server configuration | ✓ | ✗ | EEI\Server\eiserver.ini | An .ini file containing Inspect Server product configuration. |
EI Connector configuration | ✓ | ✗ | EEI\Agent\eiconnector.ini | An .ini file containing Inspect Connector product configuration. |
EI Server policy | ✓ | ✗ | EEI\Server\eiserver.policy.ini | An .ini file containing Inspect Server product policy. |
EI Connector policy | ✓ | ✗ | EEI\Agent\eiconnector.policy.ini | An .ini file containing Inspect Connector product policy. |
EEI Server certificates | ✓ | ✗ | EEI\Server\Certificates\*.* | Contains certificate files used by the Inspect Server product. Since the files are located in subfolders, the whole structure is collected. |
EEI Connector certificates | ✓ | ✗ | EEI\Agent\Certificates\*.* | Contains certificate files used by the Inspect Connector product. Since the files are located in subfolders, the whole structure is collected. |
EI Server dumps | ✓ | ✗ | EEI\Server\Diagnostics\*.* | Inspect Server product dump files. |
MySQL Server configuration | ✓ | ✗ | EI\My SQL\my.ini | An .ini file containing MySQL Server configuration used by the ESET Inspect On-prem Server product. |
MySQL Server logs | ✓ | ✗ | EEI\My SQL\EEI.err | An error text log of MySQL Server used by the ESET Inspect On-prem Server product. |

ESET Full Disk Encryption

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
EFDE logs | ✓ | ✗ | EFDE\AIS\Logs\*.*; EFDE\Core\*.log | Exported logs (AIS and Core) from the ESET Full Disk Encryption. |
EFDE license data | ✓ | ✗ | EFDE\AIS\Licence\*.* | License data files of ESET Full Disk Encryption. |
EFDE configuration | ✓ | ✗ | EFDE\AIS\lastpolicy.dat | Contains configuration of ESET Full Disk Encryption. |

ESET VPN

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Client application logs | ✓ | ✗ | EVPN\ClientApp\*.tx | EVPN client application logs. |
Service logs | ✓ | ✗ | EVPN\Service\*.log | EVPN service logs. |
Network routing table | ✓ | ✗ | EVPN\routing_table.txt | Console output of route utility containing routing table. |

ESET Email Logs (ESET Mail Security for Exchange, ESET Mail Security for Domino)

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET Spam log | ✓ | ✗ | ESET\Logs\Email\spamlog.dat | ESET Spam log in binary format. |
ESET Greylist log | ✓ | ✗ | ESET\Logs\Email\greylistlog.dat | ESET Greylist log in binary format. |
ESET SMTP protection log | ✓ | ✗ | ESET\Logs\Email\smtpprot.dat | ESET SMTP protection log in binary format. |
ESET mail server protection log | ✓ | ✗ | ESET\Logs\Email\mailserver.dat | ESET Mail server protection log in binary format. |
ESET diagnostic e-mail processing logs | ✓ | ✗ | ESET\Logs\Email\MailServer\*.dat | ESET diagnostic e-mail processing logs in binary format, direct copy from disk. |
ESET Spam log* | ✓ | ✗ | ESET\Logs\Email\spamlog.dat | ESET Spam log in binary format. |
ESET Antispam configuration and diagnostic logs | ✓ | ✗ | ESET\Logs\Email\Antispam\antispam.*.log; ESET\Config\Antispam\*.* | Copy of ESET Antispam configuration and diagnostic logs. |

*Option is displayed only when the file exists.

ESET SharePoint logs (ESET Security for SharePoint)

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
ESET SHPIO.log | ✓ | ✗ | ESET\Log\ESHP\SHPIO.log | ESET Diagnostic log from the SHPIO.exe utility. |

Product specific logs - options are available for specific product.

Domino (ESET Mail Security for Domino)

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
Domino IBM_TECHNICAL_SUPPORT logs + notes.ini | ✓ | ✗ | LotusDomino\Log\notes.ini | IBM Domino configuration file. |
Domino IBM_TECHNICAL_SUPPORT logs + notes.ini | ✓ | ✗ | LotusDomino\Log\IBM_TECHNICAL_SUPPORT\*.* | IBM Domino logs, not older than 30 days. |

MS SharePoint (ESET Security for SharePoint)

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
MS SharePoint logs | ✓ | ✗ | SharePoint\Logs\*.log | MS SharePoint logs, not older than 30 days. |
SharePoint Registry key content | ✓ | ✗ | SharePoint\WebServerExt.reg | Content of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions. Available only when ESET Security for SharePoint is installed. |

MS Exchange (ESET Mail Security for Exchange)

Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / Filename | Description |
---|---|---|---|---|
MS Exchange transport agents registration | ✓ | ✗ | Exchange\agents.config | MS Exchange transport agents registration config file. For Microsoft Exchange Server 2007 and later. |
MS Exchange transport agents registration | ✓ | ✗ | Exchange\sinks_list.txt | MS Exchange event sinks registration dump. For Microsoft Exchange Server 2000 and 2003. |
MS Exchange EWS logs | ✓ | ✗ | Exchange\EWS\*.log | Collection of EWS Exchange Server logs. |