ESET Online help

List of artifacts / Collected files

This section describes the files contained in the resulting .zip file. The description is divided into subsections based on the information type (files and artifacts).

Location / File name

Description

metadata.txt

Contains the date of the .zip archive creation, ESET Log Collector version, ESET product version and basic licensing information.

collector_log.txt

A copy of the log file from the GUI; it contains data up to the point when the .zip file is created.

 

Windows Processes

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Running processes

(open handles and loaded DLLs)

Windows\Processes\Processes.txt

Text file containing a list of running processes on the machine. For each process, the following items are printed:

- PID
- Parent PID
- Number of threads
- Number of open handles grouped by type
- Loaded modules
- User account it is running under
- Memory usage
- Timestamp of start
- Kernel and user time
- I/O statistics
- Command line

Running processes

(open handles and loaded DLLs)

Windows\ProcessesTree.txt

Text file containing a tree of running processes on the machine. For each process, the following items are printed:

- PID
- User account it is running under
- Timestamp of start
- Command line

 

Windows Logs

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Application event log

Windows\Logs\Application.xml

XML containing Windows Application event logs in a custom XML format suitable for viewing in Microsoft Excel. Only messages from the last 30 days are included. All string references are translated on the source machine so that the viewing machine does not need access to referenced resource DLLs.

System event log

Windows\Logs\System.xml

XML containing Windows System event logs in a custom XML format suitable for viewing in Microsoft Excel. Only messages from the last 30 days are included. All string references are translated on the source machine so that the viewing machine does not need access to referenced resource DLLs.

Terminal services - LSM operational event log*

Windows\Logs\LocalSessionManager-Operational.evtx

Windows XML Event Log. It contains information about RDP sessions. The user can specify the maximum age of exported records.

Drivers install logs

Windows\Logs\catroot2_dberr.txt

Contains information about catalogs that have been added to "catstore" during driver installation.

SetupAPI logs*

Windows\Logs\SetupAPI\setupapi*.log

Device and application installation text logs.

*Windows Vista and newer

 

System Configuration

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Network configuration

Config\network.txt

Text file containing the network configuration (the output of ipconfig /all).

ESET SysInspector log

Config\SysInspector.xml

SysInspector log in the XML format.

WFP filters*

Config\WFPFilters.xml

WFP filters configuration in XML format.

Complete Windows Registry content

Windows\Registry\*

Multiple binary files containing Windows Registry data.

*Windows 7 and newer

 

ESET Installer

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESET Installer logs

ESET\Installer\*.log

Installation logs that were created during the installation of ESET NOD32 Antivirus and ESET Smart Security 10 Premium products.

 

ESET Remote Administrator (ERA)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ERA Server logs

ERA\Server\Logs\RemoteAdministratorServerDiagnostic<datetime>.zip

Server product logs in a ZIP archive. It contains trace, status and last-error logs.

ERA Agent logs

ERA\Agent\Logs\RemoteAdministratorAgentDiagnostic<datetime>.zip

Agent product logs in a ZIP archive. It contains trace, status and last-error logs.

ERA process information and dumps*

ERA\Server\Process and old dump\RemoteAdministratorServerDiagnostic<datetime>.zip

Server process dump(s).

ERA process information and dumps*

ERA\Agent\Process and old dump\RemoteAdministratorAgentDiagnostic<datetime>.zip

Agent process dump(s).

ERA configuration

ERA\Server\Config\RemoteAdministratorServerDiagnostic<datetime>.zip

Server configuration and application information files in a ZIP archive.

ERA configuration

ERA\Agent\Config\RemoteAdministratorAgentDiagnostic<datetime>.zip

Agent configuration and application information files in a ZIP archive.

ERA Rogue Detection Sensor logs

ERA\RD Sensor\Rogue Detection SensorDiagnostic<datetime>.zip

A ZIP containing RD Sensor trace log, last-error log, status log, configuration, dump(s) and general information files.

ERA MDMCore logs

ERA\MDMCore\RemoteAdministratorMDMCoreDiagnostic<datetime>.zip

A ZIP containing MDMCore trace log, last-error log, status log, dump(s) and general information files.

ERA Proxy logs

ERA\Proxy\RemoteAdministratorProxyDiagnostic<datetime>.zip

A ZIP containing ERA Proxy trace log, last-error log, status log, configuration, dump(s) and general information files.

*ERA Server or ERA Agent

 

ESET Configuration

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESET product configuration

info.xml

Informational XML that details the ESET product installed on a system. It contains basic system information, installed product information and a list of product modules.

ESET product configuration

versions.csv

Exported when the generation of info.xml has failed for any reason. Contains installed product information.

ESET product configuration

Configuration\product_conf.xml

XML file with the exported product configuration.

ESET data and install directory file list

ESET\Config\data_dir_list.txt

Text file containing a list of files in the ESET AppData directory and all its subdirectories.

ESET data and install directory file list

ESET\Config\install_dir_list.txt

Text file containing a list of files in the ESET Install directory and all its subdirectories.

ESET drivers

ESET\Config\drivers.txt

Information about installed ESET drivers.

ESET Personal firewall configuration

ESET\Config\EpfwUser.dat

Copy of the file with the ESET Personal firewall configuration.

ESET Registry key content

ESET\Config\ESET.reg

Contains the content of the registry key HKLM\SOFTWARE\ESET.

Winsock LSP catalog

Config/WinsockLSP.txt

Output of the netsh winsock show catalog command.

 

Quarantine

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Info about quarantined files

ESET\Quarantine\quar_info.txt

Text file with a list of quarantined objects.

Quarantined files

ESET\Quarantine\<username>

NDF and NQF files from the ESET Security product.

 

ESET Logs

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESET Events log

ESET\Log\Common\warnlog.dat

ESET Product event log in binary format.

ESET Detected threats log

ESET\Log\Common\virlog.dat

ESET Detected threats log in binary format.

ESET Computer scan logs

ESET\Log\Common\eScan\*.dat

ESET Computer scan log(s) in binary format.

ESET HIPS log*

ESET\Log\Common\hipslog.dat

ESET HIPS log in binary format.

ESET Parental control logs*

ESET\Log\Common\parentallog.dat

ESET Parental control log in binary format.

ESET Device control log*

ESET\Log\Common\devctrllog.dat

ESET Device control log in binary format.

ESET Webcam protection log*

ESET\Log\Common\webcamlog.dat

ESET Webcam protection log in binary format.

ESET On-demand server database scan logs

ESET\Logs\Common\ServerOnDemand\*.dat

ESET server On-demand log(s) in binary format.

ESET Hyper-V server scan logs

ESET\Logs\Common\HyperVOnDemand\*.dat

ESET Hyper-V scan log(s) in binary format.

*Option is displayed only when the file exists.

 

ESET Network Logs

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESET Personal firewall log*

ESET\Logs\Net\epfwlog.dat

ESET Personal firewall log in binary format.

ESET Filtered websites log*

ESET\Logs\Net\urllog.dat

ESET Websites filter log in binary format.

ESET Web control log*

ESET\Logs\Net\webctllog.dat

ESET Web control log in binary format.

ESET pcap logs

ESET\Logs\Net\EsetProxy*.pcapng

Copy of the ESET pcap logs.

*Option is displayed only when the file exists.

 

ESET Diagnostics

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Local cache database

ESET\Diagnostics\local.db

ESET scanned files database.

General product diagnostics logs

ESET\Diagnostics\*.*

Files (mini-dumps) from ESET diagnostics folder.

 

ESET Secure Authentication

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESA logs

ESA\*.log

Exported log(s) from ESET Secure Authentication.

 

ESET Email Logs (Mail Security for Exchange, Mail Security for Domino)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESET Spam log

ESET\Logs\Email\spamlog.dat

ESET Spam log in binary format.

ESET greylist log

ESET\Log\Email\greylistlog.dat

ESET Greylist log in binary format.

ESET mail server protection log

ESET\Logs\Email\mailserver.dat

ESET Mail server protection log in binary format.

ESET diagnostic e-mail processing logs

ESET\Logs\Email\MailServer\*.dat

ESET diagnostic e-mail processing logs in binary format, direct copy from disk.

ESET Spam log*

ESET\Logs\Email\spamlog.dat

ESET Spam log in binary format.

ESET Antispam configuration and diagnostic logs

ESET\Logs\Email\Antispam\antispam.*.log

Copy of the ESET Antispam configuration and diagnostic logs.

ESET Antispam configuration and diagnostic logs

ESET\Config\Antispam\*.*

Copy of the ESET Antispam configuration and diagnostic logs.

*Option is displayed only when the file exists.

 

ESET SharePoint logs (ESET Security for SharePoint)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

ESET SHPIO.log

ESET\Log\ESHP\SHPIO.log

ESET Diagnostic log from the SHPIO.exe utility.

 

Product-specific logs - options are available for the specific product.

Domino (Mail Security for Domino)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Domino IBM_TECHNICAL_SUPPORT logs + notes.ini

LotusDomino\Log\notes.ini

IBM Domino configuration file.

Domino IBM_TECHNICAL_SUPPORT logs + notes.ini

LotusDomino\Log\IBM_TECHNICAL_SUPPORT\*.*

IBM Domino logs, not older than 30 days.

 

MS SharePoint (ESET Security for SharePoint)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

MS SharePoint logs

SharePoint\Logs\*.log

MS SharePoint logs, not older than 30 days.

SharePoint Registry key content

SharePoint\WebServerExt.reg

Contains the content of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions. Available only when ESET Security for SharePoint is installed.

 

MS Exchange (Mail Security for Exchange)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

MS Exchange transport agents registration

Exchange\agents.config

MS Exchange transport agents registration config file. For Microsoft Exchange Server 2007 and newer.

MS Exchange transport agents registration

Exchange\sinks_list.txt

MS Exchange event sinks registration dump. For Microsoft Exchange Server 2000 and 2003.

MS Exchange EWS logs

Exchange\EWS\*.log

Collected EWS Exchange Server logs.

 

Kerio Connect (ESET Security for Kerio)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Kerio Connect configuration

Kerio\Connect\mailserver.cfg

Kerio Connect configuration file.

Kerio Connect logs

Kerio\Connect\Logs\{mail,error,security,debug,warning}.log

Selected Kerio Connect log files.

 

Kerio Control (ESET Security for Kerio)

Artifact name

Collection profile

Location / File name

Description

Default

Threat detection

Kerio Control configuration

Kerio\Connect\winroute.cfg

Kerio Control configuration file.

Kerio Control logs

Kerio\Connect\Logs\{alert,error,security,debug,warning}.log

Selected Kerio Control log files.