Provided data

All the WMI classes related to ESET product are located in the “root\ESET“ namespace. The following classes, which are described in more detail below, are currently implemented:

General:

ESET_Product

ESET_Features

ESET_Statistics

Logs:

ESET_ThreatLog

ESET_EventLog

ESET_ODFileScanLogs

ESET_ODFileScanLogRecords

ESET_ODServerScanLogs

ESET_ODServerScanLogRecords

ESET_HIPSLog

ESET_URLLog

ESET_DevCtrlLog

ESET_GreylistLog

ESET_MailServeg

ESET_HyperVScanLogs

ESET_HyperVScanLogRecords

ESET_Product class

There can only be one instance of the ESET_Product class. Properties of this class refer to basic information about your installed ESET product:

ID - Product type identifier, for example, “emsl”

Name - Name of the product, for example, "ESET Mail Security"

FullName - Full name of the product, for example, "ESET Mail Security for IBM Domino"

Version - Product version, for example, "6.5.14003.0"

VirusDBVersion - Version of the virus database, for example, "14533 (20161201)"

VirusDBLastUpdate - Timestamp of the last update of the virus database. The string contains the timestamp in WMI datetime format. for example, “20161201095245.000000+060”

LicenseExpiration - License expiration time. The string contains timestamp in WMI datetime format

KernelRunning - Boolean value indicating whether the ekrn service is running on the machine, for example, “TRUE”

StatusCode - Number indicating the protection status of the product: 0 - Green (OK), 1 - Yellow (Warning), 2 - Red (Error)

StatusText - Message describing the reason for a non-zero status code, otherwise it is null

ESET_Features class

The ESET_Features class has multiple instances, depending on the number of product features. Each instance contains:

Name - Name of the feature (list of names is provided below)

Status - Status of the feature: 0 - inactive, 1 - disabled, 2 - enabled

A list of strings representing currently recognized product features:

CLIENT_FILE_AV - Real-time file system anti-virus protection

CLIENT_WEB_AV - Client web anti-virus protection

CLIENT_DOC_AV - Client document anti-virus protection

CLIENT_NET_FW - Client personal firewall

CLIENT_EMAIL_AV - Client email anti-virus protection

CLIENT_EMAIL_AS - Client email anti-spam protection

SERVER_FILE_AV - Real-time anti-virus protection of files on the protected file server product, for example, files in SharePoint’s content database in the case of ESET Mail Security

SERVER_EMAIL_AV - Anti-virus protection of emails of protected server product, for example, emails in MS Exchange or IBM Domino

SERVER_EMAIL_AS - Anti-spam protection of emails of protected server product, for example, emails in MS Exchange or IBM Domino

SERVER_GATEWAY_AV - Anti-virus protection of protected network protocols on the gateway

SERVER_GATEWAY_AS - Anti-spam protection of protected network protocols on the gateway

ESET_Statistics class

The ESET_Statistics class has multiple instances, depending on the number of scanners in the product. Each instance contains:

Scanner - String code for the particular scanner, for example, “CLIENT_FILE”

Total - Total number of files scanned

Infected - Number of infected files found

Cleaned - Number of cleaned files

Timestamp - Timestamp of the last change of this statistics. In WMI datetime format, for example, “20130118115511.000000+060”

ResetTime - Timestamp of when the statistics counter was last reset. In WMI datetime format, for example, “20130118115511.000000+060”

List of strings representing currently recognized scanners:

CLIENT_FILE

CLIENT_EMAIL

CLIENT_WEB

SERVER_FILE

SERVER_EMAIL

SERVER_WEB

ESET_ThreatLog class

The ESET_ThreatLog class has multiple instances, each one representing a log record from the “Detected threats” log. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - severity of the log record expressed as a number in the [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Scanner - Name of the scanner that created this log event

ObjectType - Type of object that produced this log event

ObjectName - Name of the object that produced this log event

Threat - Name of the threat that has been found in the object described by ObjectName and ObjectType properties

Action - Action performed after the threat was identified

User - User account that caused this log event to be generated

Information - Additional description of the event

Hash - Hash of the object that produced this log event

ESET_EventLog

The ESET_EventLog class has multiple instances, each one representing a log record from the “Events” log. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Module - Name of the module that created this log event

Event - Description of the event

User - User account that caused this log event to be generated

ESET_ODFileScanLogs

The ESET_ODFileScanLogs class has multiple instances, each one representing an on-demand file scan record. This is equivalent to the GUI “On-demand computer scan” list of logs. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

Targets - Target folders/objects of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

Status - Status of the scan process

ESET_ODFileScanLogRecords

The ESET_ODFileScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODFileScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When instance of a particular scan log are required only, they must be filtered by the LogID property. Each class instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ODFileScanLogs class)

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message

ESET_ODServerScanLogs

The ESET_ODServerScanLogs class has multiple instances, each one representing a run of the on-demand server scan. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

Targets - Target folders/objects of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

RuleHits - Total number of rule hits

Status - Status of the scan process

ESET_ODServerScanLogRecords

The ESET_ODServerScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODServerScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When instance of a particular scan log are required only, they must be filtered by the LogID property. Each class instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ ODServerScanLogs class)

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message

ESET_GreylistLog

The ESET_GreylistLog class has multiple instances, each one representing a log record from the “Greylist” log. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

HELODomain - Name of the HELO domain

IP - Source IP address

Sender - Email sender

Recipient - Email recipient

Action - Action performed

TimeToAccept - Number of minutes after which the email will be accepted

ESET_HIPSLog

The ESET_HIPSLog class has multiple instances, each one representing a log record from the “HIPS” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Application - source application

Target - Type of operation

Action - Action taken by HIPS, e.g. allow, deny, etc.

Rule - Name of the rule responsible for the action

AdditionalInfo

ESET_URLLog

The ESET_URLLog class has multiple instances, each one representing a log record from the “Filtered websites” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

URL - The URL

Status - What happened to URL, e.g. "Blocked by Web control"

Application - Application that tried to access the URL

User - User account the application was running under

ESET_DevCtrlLog

The ESET_DevCtrlLog class has multiple instances, each one representing a log record from the “Device control” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Device - Device name

User - User account name

UserSID - User account SID

Group - User group name

GroupSID - User group SID

Status - What happened to the device, e.g. "Writing blocked"

DeviceDetails - Additional info regarding the device

EventDetails - Additional info regarding the event

ESET_MailServerLog

The ESET_MailServerLog class has multiple instances, each one representing a log record from the “Mail server” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

IPAddr - Source IP address

HELODomain - Name of the HELO domain

Sender - Email sender

Recipient - Email recipient

Subject - E-mail subject

ProtectionType - Protection type that has performed the action described by the current log record, i.e. antivirus, antispam or rules.

Action - Action performed

Reason - The reason why was the action performed on the object by the given ProtectionType.

ESET_HyperVScanLogs

The ESET_HyperVScanLogs class has multiple instances, each one representing a run of the Hyper-V file scan. This is equivalent to the GUI “Hyper-V scan” list of logs. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

Targets - Target machines/disks/volumes of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

Status - Status of the scan process

ESET_HyperVScanLogRecords

The ESET_HyperVScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_HyperVScanLogs class. Instances of this class provide log records of all the Hyper-V scans/logs. When instance of a particular scan log are required only, they must be filtered by the LogID property. Each class instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_HyperVScanLogs class)

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message