Provided data
All the WMI classes related to ESET product are located in the “root\ESET“ namespace. The following classes, which are described in more detail below, are currently implemented:
General
•ESET_Product
•ESET_Features
•ESET_Statistics
Logs
•ESET_ThreatLog
•ESET_EventLog
•ESET_ODFileScanLogs
•ESET_ODFileScanLogRecords
•ESET_ODServerScanLogs
•ESET_ODServerScanLogRecords
•ESET_HIPSLog
•ESET_URLLog
•ESET_DevCtrlLog
•ESET_GreylistLog
•ESET_MailServeg
•ESET_HyperVScanLogs
•ESET_HyperVScanLogRecords
ESET_Product class
There can only be one instance of the ESET_Product class. Properties of this class refer to basic information about your installed ESET product:
•ID – Product type identifier, for example, “emsl”
•Name - Name of the product, for example, "ESET Mail Security"
•FullName - Full name of the product, for example, "ESET Mail Security for IBM Domino"
•Version - Product version, for example, "6.5.14003.0"
•VirusDBVersion - Version of the virus database, for example, "14533 (20161201)"
•VirusDBLastUpdate - Timestamp of the last update of the virus database. The string contains the timestamp in WMI datetime format. for example, “20161201095245.000000+060”
•LicenseExpiration - License expiration time. The string contains timestamp in WMI datetime format
•KernelRunning - Boolean value indicating whether the ekrn service is running on the machine, for example, “TRUE”
•StatusCode - Number indicating the protection status of the product: 0 - Green (OK), 1 - Yellow (Warning), 2 - Red (Error)
•StatusText - Message describing the reason for a non-zero status code, otherwise it is null
ESET_Features class
The ESET_Features class has multiple instances, depending on the number of product features. Each instance contains:
•Name - Name of the feature (list of names is provided below)
•Status - Status of the feature: 0 - inactive, 1 - disabled, 2 - enabled
A list of strings representing currently recognized product features:
•CLIENT_FILE_AV - Real-time file system anti-virus protection
•CLIENT_WEB_AV - Client web anti-virus protection
•CLIENT_DOC_AV - Client document anti-virus protection
•CLIENT_NET_FW - Client personal firewall
•CLIENT_EMAIL_AV - Client email anti-virus protection
•CLIENT_EMAIL_AS - Client email anti-spam protection
•SERVER_FILE_AV - Real-time anti-virus protection of files on the protected file server product, for example, files in SharePoint’s content database in the case of ESET Mail Security
•SERVER_EMAIL_AV - Anti-virus protection of emails of protected server product, for example, emails in Microsoft Exchange or IBM Domino
•SERVER_EMAIL_AS - Anti-spam protection of emails of protected server product, for example, emails in Microsoft Exchange or IBM Domino
•SERVER_GATEWAY_AV - Anti-virus protection of protected network protocols on the gateway
•SERVER_GATEWAY_AS - Anti-spam protection of protected network protocols on the gateway
ESET_Statistics class
The ESET_Statistics class has multiple instances, depending on the number of scanners in the product. Each instance contains:
•Scanner - String code for the specific scanner, for example, “CLIENT_FILE”
•Total - Total number of files scanned
•Infected - Number of infected files found
•Cleaned - Number of cleaned files
•Timestamp - Timestamp of the last change of this statistics. In WMI datetime format, for example, “20130118115511.000000+060”
•ResetTime - Timestamp of when the statistics counter was last reset. In WMI datetime format, for example, “20130118115511.000000+060”
List of strings representing currently recognized scanners:
•CLIENT_FILE
•CLIENT_EMAIL
•CLIENT_WEB
•SERVER_FILE
•SERVER_EMAIL
•SERVER_WEB
ESET_ThreatLog class
The ESET_ThreatLog class has multiple instances, each one representing a log record from the “Detected threats” log. Each instance contains:
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•LogLevel - severity of the log record expressed as a number in the [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Scanner - Name of the scanner that created this log event
•ObjectType - Type of object that produced this log event
•ObjectName - Name of the object that produced this log event
•Threat - Name of the threat that has been found in the object described by ObjectName and ObjectType properties
•Action - Action performed after the threat was identified
•User - User account that caused this log event to be generated
•Information - Additional description of the event
•Hash - Hash of the object that produced this log event
ESET_EventLog
The ESET_EventLog class has multiple instances, each one representing a log record from the “Events” log. Each instance contains:
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Module - Name of the module that created this log event
•Event - Description of the event
•User - User account that caused this log event to be generated
ESET_ODFileScanLogs
The ESET_ODFileScanLogs class has multiple instances, each one representing an on-demand file scan record. This is equivalent to the GUI “On-demand computer scan” list of logs. Each instance contains:
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•Targets - Target folders/objects of the scan
•TotalScanned - Total number of objects scanned
•Infected - Number of infected objects found
•Cleaned - Number of objects cleaned
•Status - Status of the scan process
ESET_ODFileScanLogRecords
The ESET_ODFileScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODFileScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:
•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ODFileScanLogs class)
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Log - The actual log message
ESET_ODServerScanLogs
The ESET_ODServerScanLogs class has multiple instances, each one representing a run of the on-demand server scan. Each instance contains:
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•Targets - Target folders/objects of the scan
•TotalScanned - Total number of objects scanned
•Infected - Number of infected objects found
•Cleaned - Number of objects cleaned
•RuleHits - Total number of rule hits
•Status - Status of the scan process
ESET_ODServerScanLogRecords
The ESET_ODServerScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODServerScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:
•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ ODServerScanLogs class)
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Log - The actual log message
ESET_SmtpProtectionLog
The ESET_SmtpProtectionLog class has multiple instances, each one representing a log record from the “Smtp protection” log. Each instance contains:
•ID - Unique ID of this scan log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•HELODomain - Name of the HELO domain
•IP - Source IP address
•Sender - Email sender
•Recipient - Email recipient
•ProtectionType - Type of protection used
•Action - Action performed
•Reason - Reason for action
•TimeToAccept - Number of minutes after which the email will be accepted
ESET_HIPSLog
The ESET_HIPSLog class has multiple instances, each one representing a log record from the “HIPS” log. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Application - Source application
•Target - Type of operation
•Action - Action taken by HIPS, e.g. allow, deny, etc.
•Rule - Name of the rule responsible for the action
•AdditionalInfo
ESET_URLLog
The ESET_URLLog class has multiple instances, each one representing a log record from the “Filtered websites” log. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•URL - The URL
•Status - What happened to URL, e.g. "Blocked by Web control"
•Application - Application that tried to access the URL
•User - User account the application was running under
ESET_DevCtrlLog
The ESET_DevCtrlLog class has multiple instances, each one representing a log record from the “Device control” log. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Device - Device name
•User - User account name
•UserSID - User account SID
•Group - User group name
•GroupSID - User group SID
•Status - What happened to the device, e.g. "Writing blocked"
•DeviceDetails - Additional info regarding the device
•EventDetails - Additional info regarding the event
ESET_MailServerLog
The ESET_MailServerLog class has multiple instances, each one representing a log record from the “Mail server” log. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•IPAddr - Source IP address
•HELODomain - Name of the HELO domain
•Sender - Email sender
•Recipient - Email recipient
•Subject - Email subject
•ProtectionType - Protection type that has performed the action described by the current log record, i.e. malware, antispam or rules.
•Action - Action performed
•Reason - The reason why was the action performed on the object by the given ProtectionType.
ESET_HyperVScanLogs
The ESET_HyperVScanLogs class has multiple instances, each one representing a run of the Hyper-V file scan. This is equivalent to the GUI “Hyper-V scan” list of logs. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•Targets - Target machines/disks/volumes of the scan
•TotalScanned - Total number of objects scanned
•Infected - Number of infected objects found
•Cleaned - Number of objects cleaned
•Status - Status of the scan process
ESET_HyperVScanLogRecords
The ESET_HyperVScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_HyperVScanLogs class. Instances of this class provide log records of all the Hyper-V scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:
•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_HyperVScanLogs class)
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Log - The actual log message
ESET_NetworkProtectionLog
The ESET_NetworkProtectionLog class has multiple instances, each one representing a log record from the “Network protection” log. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Event - Event triggering network protection action
•Action - Action performed by network protection
•Source - Source address of network device
•Target - Destination address of network device
•Protocol - Network communication protocol
•RuleOrWormName - Rule or worm name related to the event
•Application - Application that initiated the network communication
•User - User account that caused this log event to be generated
ESET_SentFilesLog
The ESET_SentFilesLog class has multiple instances, each one representing a log record from the “Sent files” log. Each instance contains:
•ID - Unique ID of this log record
•Timestamp - Creation timestamp of the log record (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Sha1 - Sha-1 hash of sent file
•File - Sent File
•Size - Sent file size
•Category - Sent file category
•Reason - Reason of sending the file
•SentTo - ESET department the file was sent to
•User - User account that caused this log event to be generated
ESET_OneDriveScanLogs
The ESET_OneDriveScanLogs class has multiple instances, each one representing a run of the OneDrive scan. This is equivalent to the GUI “OneDrive scan” list of logs. Each instance contains:
•ID - Unique ID of this OneDrive log
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•Targets - Target folders/objects of the scan
•TotalScanned - Total number of objects scanned
•Infected - Number of infected objects found
•Cleaned - Number of objects cleaned
•Status - Status of the scan process
ESET_OneDriveScanLogRecords
The ESET_OneDriveScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_OneDriveScanLogs class. Instances of this class provide log records of all the OneDrive scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each instance contains:
•LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_OneDriveScanLogs class)
•ID - Unique ID of this OneDrive log
•Timestamp - Creation timestamp of the log (in the WMI date/time format)
•LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical
•Log - The actual log message