ESET Online Help

Search English
Select the topic

Provided data

All the WMI classes related to ESET product are located in the “root\ESET“ namespace. The following classes, which are described in more detail below, are currently implemented:

General

ESET_Product

ESET_Features

ESET_Statistics

Logs

ESET_ThreatLog

ESET_EventLog

ESET_ODFileScanLogs

ESET_ODFileScanLogRecords

ESET_ODServerScanLogs

ESET_ODServerScanLogRecords

ESET_HIPSLog

ESET_URLLog

ESET_DevCtrlLog

ESET_GreylistLog

ESET_MailServeg

ESET_HyperVScanLogs

ESET_HyperVScanLogRecords

ESET_Product class

There can only be one instance of the ESET_Product class. Properties of this class refer to basic information about your installed ESET product:

ID – Product type identifier, for example, “emsl”

Name - Name of the product, for example, "ESET Mail Security"

FullName - Full name of the product, for example, "ESET Mail Security for IBM Domino"

Version - Product version, for example, "6.5.14003.0"

VirusDBVersion - Version of the virus database, for example, "14533 (20161201)"

VirusDBLastUpdate - Timestamp of the last update of the virus database. The string contains the timestamp in WMI datetime format. for example, “20161201095245.000000+060”

LicenseExpiration - License expiration time. The string contains timestamp in WMI datetime format

KernelRunning - Boolean value indicating whether the ekrn service is running on the machine, for example, “TRUE”

StatusCode - Number indicating the protection status of the product: 0 - Green (OK), 1 - Yellow (Warning), 2 - Red (Error)

StatusText - Message describing the reason for a non-zero status code, otherwise it is null

ESET_Features class

The ESET_Features class has multiple instances, depending on the number of product features. Each instance contains:

Name - Name of the feature (list of names is provided below)

Status - Status of the feature: 0 - inactive, 1 - disabled, 2 - enabled

A list of strings representing currently recognized product features:

CLIENT_FILE_AV - Real-time file system anti-virus protection

CLIENT_WEB_AV - Client web anti-virus protection

CLIENT_DOC_AV - Client document anti-virus protection

CLIENT_NET_FW - Client personal firewall

CLIENT_EMAIL_AV - Client email anti-virus protection

CLIENT_EMAIL_AS - Client email anti-spam protection

SERVER_FILE_AV - Real-time anti-virus protection of files on the protected file server product, for example, files in SharePoint’s content database in the case of ESET Security for Microsoft SharePoint

SERVER_EMAIL_AV - Anti-virus protection of emails of protected server product, for example, emails in Microsoft Exchange or IBM Domino

SERVER_EMAIL_AS - Anti-spam protection of emails of protected server product, for example, emails in Microsoft Exchange or IBM Domino

SERVER_GATEWAY_AV - Anti-virus protection of protected network protocols on the gateway

SERVER_GATEWAY_AS - Anti-spam protection of protected network protocols on the gateway

ESET_Statistics class

The ESET_Statistics class has multiple instances, depending on the number of scanners in the product. Each instance contains:

Scanner - String code for the specific scanner, for example, “CLIENT_FILE”

Total - Total number of files scanned

Infected - Number of infected files found

Cleaned - Number of cleaned files

Timestamp - Timestamp of the last change of this statistics. In WMI datetime format, for example, “20130118115511.000000+060”

ResetTime - Timestamp of when the statistics counter was last reset. In WMI datetime format, for example, “20130118115511.000000+060”

List of strings representing currently recognized scanners:

CLIENT_FILE

CLIENT_EMAIL

CLIENT_WEB

SERVER_FILE

SERVER_EMAIL

SERVER_WEB

ESET_ThreatLog class

The ESET_ThreatLog class has multiple instances, each one representing a log record from the “Detected threats” log. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - severity of the log record expressed as a number in the [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Scanner - Name of the scanner that created this log event

ObjectType - Type of object that produced this log event

ObjectName - Name of the object that produced this log event

Threat - Name of the threat that has been found in the object described by ObjectName and ObjectType properties

Action - Action performed after the threat was identified

User - User account that caused this log event to be generated

Information - Additional description of the event

Hash - Hash of the object that produced this log event

ESET_EventLog

The ESET_EventLog class has multiple instances, each one representing a log record from the “Events” log. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Module - Name of the module that created this log event

Event - Description of the event

User - User account that caused this log event to be generated

ESET_ODFileScanLogs

The ESET_ODFileScanLogs class has multiple instances, each one representing an on-demand file scan record. This is equivalent to the GUI “On-demand computer scan” list of logs. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

Targets - Target folders/objects of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

Status - Status of the scan process

ESET_ODFileScanLogRecords

The ESET_ODFileScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODFileScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ODFileScanLogs class)

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message

ESET_ODServerScanLogs

The ESET_ODServerScanLogs class has multiple instances, each one representing a run of the on-demand server scan. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log (in the WMI date/time format)

Targets - Target folders/objects of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

RuleHits - Total number of rule hits

Status - Status of the scan process

ESET_ODServerScanLogRecords

The ESET_ODServerScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_ODServerScanLogs class. Instances of this class provide log records of all the on-demand scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_ ODServerScanLogs class)

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message

ESET_SmtpProtectionLog

The ESET_SmtpProtectionLog class has multiple instances, each one representing a log record from the “Smtp protection” log. Each instance contains:

ID - Unique ID of this scan log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

HELODomain - Name of the HELO domain

IP - Source IP address

Sender - Email sender

Recipient - Email recipient

ProtectionType - Type of protection used

Action - Action performed

Reason - Reason for action

TimeToAccept - Number of minutes after which the email will be accepted

ESET_HIPSLog

The ESET_HIPSLog class has multiple instances, each one representing a log record from the “HIPS” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number in the [0-8] interval. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Application - Source application

Target - Type of operation

Action - Action taken by HIPS, e.g. allow, deny, etc.

Rule - Name of the rule responsible for the action

AdditionalInfo

ESET_URLLog

The ESET_URLLog class has multiple instances, each one representing a log record from the “Filtered websites” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

URL - The URL

Status - What happened to URL, e.g. "Blocked by Web control"

Application - Application that tried to access the URL

User - User account the application was running under

ESET_DevCtrlLog

The ESET_DevCtrlLog class has multiple instances, each one representing a log record from the “Device control” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Device - Device name

User - User account name

UserSID - User account SID

Group - User group name

GroupSID - User group SID

Status - What happened to the device, e.g. "Writing blocked"

DeviceDetails - Additional info regarding the device

EventDetails - Additional info regarding the event

ESET_MailServerLog

The ESET_MailServerLog class has multiple instances, each one representing a log record from the “Mail server” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

IPAddr - Source IP address

HELODomain - Name of the HELO domain

Sender - Email sender

Recipient - Email recipient

Subject - Email subject

ProtectionType - Protection type that has performed the action described by the current log record, i.e. malware, antispam or rules.

Action - Action performed

Reason - The reason why was the action performed on the object by the given ProtectionType.

ESET_HyperVScanLogs

The ESET_HyperVScanLogs class has multiple instances, each one representing a run of the Hyper-V file scan. This is equivalent to the GUI “Hyper-V scan” list of logs. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

Targets - Target machines/disks/volumes of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

Status - Status of the scan process

ESET_HyperVScanLogRecords

The ESET_HyperVScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_HyperVScanLogs class. Instances of this class provide log records of all the Hyper-V scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each class instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_HyperVScanLogs class)

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message

ESET_NetworkProtectionLog

The ESET_NetworkProtectionLog class has multiple instances, each one representing a log record from the “Network protection” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Event - Event triggering network protection action

Action - Action performed by network protection

Source - Source address of network device

Target - Destination address of network device

Protocol - Network communication protocol

RuleOrWormName - Rule or worm name related to the event

Application - Application that initiated the network communication

User - User account that caused this log event to be generated

ESET_SentFilesLog

The ESET_SentFilesLog class has multiple instances, each one representing a log record from the “Sent files” log. Each instance contains:

ID - Unique ID of this log record

Timestamp - Creation timestamp of the log record (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Sha1 - Sha-1 hash of sent file

File - Sent File

Size - Sent file size

Category - Sent file category

Reason - Reason of sending the file

SentTo - ESET department the file was sent to

User - User account that caused this log event to be generated

ESET_OneDriveScanLogs

The ESET_OneDriveScanLogs class has multiple instances, each one representing a run of the OneDrive scan. This is equivalent to the GUI “OneDrive scan” list of logs. Each instance contains:

ID - Unique ID of this OneDrive log

Timestamp - Creation timestamp of the log (in the WMI date/time format)

Targets - Target folders/objects of the scan

TotalScanned - Total number of objects scanned

Infected - Number of infected objects found

Cleaned - Number of objects cleaned

Status - Status of the scan process

ESET_OneDriveScanLogRecords

The ESET_OneDriveScanLogRecords class has multiple instances, each one representing a log record in one of the scan logs represented by instances of the ESET_OneDriveScanLogs class. Instances of this class provide log records of all the OneDrive scans/logs. When an instance of a specific scan log is required, it must be filtered only by the LogID property. Each instance contains:

LogID - ID of the scan log this record belongs to (ID of one of the instances of the ESET_OneDriveScanLogs class)

ID - Unique ID of this OneDrive log

Timestamp - Creation timestamp of the log (in the WMI date/time format)

LogLevel - Severity of the log record expressed as a number [0-8]. Values correspond to the following named levels: Debug, Info-Footnote, Info, Info-Important, Warning, Error, SecurityWarning, Error-Critical, SecurityWarning-Critical

Log - The actual log message