metadata.txt

Contains the date of the .zip archive creation, ESET Log Collector version, ESET product version and basic licensing information.

collector_log.txt

A copy of the log file from the GUI, contains data up to the point when the .zip file is being created.

Running processes

(open handles and loaded DLLs)

✓

✓

Windows\Processes\Processes.txt

Text file containing a list of running processes on the machine. For each process, the following items are printed:

oPID

oParent PID

oNumber of threads

oNumber of open handles grouped by type

oLoaded modules

oUser account it is running under

oMemory usage

oTimestamp of start

oKernel and user time

oI/O statistics

oCommand line

Running processes

(open handles and loaded DLLs)

✓

✓

Windows\ProcessesTree.txt

Text file containing a tree of running processes on the machine. For each process following items are printed:

oPID

oUser account it is running under

oTimestamp of start

oCommand line

Application event log

✓

✓

Windows\Logs\Application.xml

XML containing Windows Application event logs in a custom XML format suitable for viewing in Microsoft Excel. Only messages from the last 30 days are included. All string references are translated on the source machine so that the viewing machine does not need access to referenced resource DLLs.

System event log

✓

✓

Windows\Logs\System.xml

XML containing Windows System event logs in a custom XML format suitable for viewing in Microsoft Excel. Only messages from the last 30 days are included. All string references are translated on the source machine so that the viewing machine does not need access to referenced resource DLLs.

Terminal services - LSM operational event log*

✓

✓

Windows\Logs\LocalSessionManager-Operational.evtx

Windows XML Event Log. It contains information about RDP sessions. A user can specify maximum age of exported records.

Drivers install logs

✓

✗

Windows\Logs\catroot2_dberr.txt

Contains information about catalogs that have been added to "catstore" during driver installation.

SetupAPI logs*

✓

✗

Windows\Logs\SetupAPI\setupapi*.log

Device and application installation text logs.

Drives info

✓

✓

Windows/drives.txt

Collected text file containing information about disk drives.

Devices info

✓

✓

Windows/devices/*.txt

Collected multiple text files containing classes and interfaces information about devices.

Network configuration

✓

✓

Config\network.txt

Collected text file containing network configuration. (Result of executing ipconfig /all)

ESET SysInspector log

✓

✓

Config\SysInspector.xml

SysInspector log in the XML format.

Winsock LSP catalog

✓

✓

Config/WinsockLSP.txt

Collect the output of netsh winsock show catalog command.

WFP filters*

✓

✓

Config\WFPFilters.xml

Collected WFP filters configuration in the XML format.

Complete Windows Registry content

✗

✓

Windows\Registry\*

Collected multiple binary files containing Windows Registry data.

List of files in temporary directories

✓

✓

Windows\TmpDirs\*.txt

Collected multiple text files with content of system's user temp directories, %windir%/temp, %TEMP% and %TMP% directories.

ESET Installer logs

✓

✗

ESET\Installer\*.log

Installation logs that were created during the installation of ESET NOD32 Antivirus and ESET Smart Security 10 Premium products.

ESMC/ERA Server logs

✓

✗

ERA\Server\Logs\RemoteAdministratorServerDiagnostic<datetime>.zip

Create Server product logs in the ZIP archive. It contains trace, status and last-error logs.

ESMC/ERA Agent logs

✓

✗

ERA\Agent\Logs\RemoteAdministratorAgentDiagnostic<datetime>.zip

Create Agent product logs in the ZIP archive. It contains trace, status and last-error logs.

ESMC/ERA process information and dumps*

✗

✗

ERA\Server\Process and old dump\RemoteAdministratorServerDiagnostic<datetime>.zip

Server process dump(s).

ESMC/ERA process information and dumps*

✗

✗

ERA\Agent\Process and old dump\RemoteAdministratorAgentDiagnostic<datetime>.zip

Agent process dump(s).

ESMC/ERA configuration

✓

✗

ERA\Server\Config\RemoteAdministratorServerDiagnostic<datetime>.zip

Server configuration and application information files in the ZIP archive.

ESMC/ERA configuration

✓

✗

ERA\Agent\Config\RemoteAdministratorAgentDiagnostic<datetime>.zip

Agent configuration and application information files in the ZIP archive.

ESMC/ERA Rogue Detection Sensor logs

✓

✗

ERA\RD Sensor\Rogue Detection SensorDiagnostic<datetime>.zip

A ZIP containing RD Sensor trace log, last-error log, status log, configuration, dump(s) and general information files.

ESMC/ERA MDMCore logs

✓

✗

ERA\MDMCore\RemoteAdministratorMDMCoreDiagnostic<datetime>.zip

A ZIP containing MDMCore trace log, last-error log, status log, dump(s) and general information files.

ESMC/ERA Proxy logs

✓

✗

ERA\Proxy\RemoteAdministratorProxyDiagnostic<datetime>.zip

A ZIP containing ERA Proxy trace log, last-error log, status log, configuration, dump(s) and general information files.

ESET product configuration

✓

✓

info.xml

Informational XML that details the ESET product installed on a system. It contains basic system information, installed product information and a list of product modules.

ESET product configuration

✓

✓

versions.csv

Exported when the generation of info.xml has failed for any reason. Contains installed product information.

ESET product configuration

✓

✓

features_state.txt

Contains information about ESET product features and their states (Active, Inactive, Not integrated). The file is always collected and is not tied to any selectable artifact.

ESET product configuration

✓

✓

Configuration\product_conf.xml

Create XML with exported product configuration.

ESET data and install directory file list

✓

✓

ESET\Config\data_dir_list.txt

Create text file containing list of files in ESET AppData directory and all their subdirectories.

ESET data and install directory file list

✓

✓

ESET\Config\install_dir_list.txt

Create text file containing list of files in ESET Install directory and all their subdirectories.

ESET drivers

✓

✓

ESET\Config\drivers.txt

Collect information about installed ESET drivers.

ESET Personal firewall configuration

✓

✓

ESET\Config\EpfwUser.dat

Copy file with ESET Personal firewall configuration.

ESET Registry key content

✓

✓

ESET\Config\ESET.reg

Contains a registry key content of HKLM\SOFTWARE\ESET

Winsock LSP catalog

✓

✓

Config/WinsockLSP.txt

Collect the output of netsh winsock show catalog command.

Last applied policy

✓

✓

ESET\Config\lastPolicy.dat

The policy applied by ERA.

Info about quarantined files

✓

✓

ESET\Quarantine\quar_info.txt

Create text file with a list of quarantined objects.

Quarantined files

✗

✓

ESET\Quarantine\<username>

Collect NDF and NQF files from ESET Security product.

ESET Events log

✓

✓

ESET\Logs\Common\warnlog.dat

ESET Product event log in binary format.

ESET Detected threats log

✓

✓

ESET\Logs\Common\virlog.dat

ESET Detected threats log in binary format.

ESET Computer scan logs

✗

✓

ESET\Logs\Common\eScan\*.dat

ESET Computer scan log(s) in binary format.

ESET HIPS log*

✓

✓

ESET\Logs\Common\hipslog.dat

ESET HIPS log in binary format.

ESET Parental control logs*

✓

✓

ESET\Logs\Common\parentallog.dat

ESET Parental control log in binary format.

ESET Device control log*

✓

✓

ESET\Logs\Common\devctrllog.dat

ESET Device control log in binary format.

ESET Webcam protection log*

✓

✓

ESET\Logs\Common\webcamlog.dat

ESET Webcam protection log in binary format.

ESET On-demand server database scan logs

✓

✓

ESET\Logs\Common\ServerOnDemand\*.dat

ESET server On-demand log(s) in binary format.

ESET Hyper-V server scan logs

✓

✓

ESET\Logs\Common\HyperVOnDemand\*.dat

ESET Hyper-V server scan log(s) in binary format.

MS OneDrive scan logs

✓

✓

ESET\Logs\Common\O365OnDemand\*.dat

MS OneDrive scan log(s) in binary format.

ESET Blocked files log

✓

✓

ESET\Logs\Common\blocked.dat

ESET Blocked files log(s) in binary format.

ESET Sent files log

✓

✓

ESET\Logs\Common\sent.dat

ESET Sent files log(s) in binary format.

ESET Network protection log*

✓

✓

ESET\Logs\Net\epfwlog.dat

ESET Network protection log in binary format.

ESET Filtered websites log*

✓

✓

ESET\Logs\Net\urllog.dat

ESET Websites filter log in binary format.

ESET Web control log*

✓

✓

ESET\Logs\Net\webctllog.dat

ESET Web control log in binary format.

ESET pcap logs

✓

✗

ESET\Logs\Net\EsetProxy*.pcapng

Copy ESET pcap logs.

Local cache database

✗

✓

ESET\Diagnostics\local.db

ESET scanned files database.

General product diagnostics logs

✓

✗

ESET\Diagnostics\*.*

Files (mini-dumps) from ESET diagnostics folder.

ECP diagnostic logs

✓

✗

ESET\Diagnostics\ECP\*.xml

ESET Communication Protocol diagnostic logs are generated in case of problems with product activation and communication with activation servers.

ESA logs

✓

✗

ESA\*.log

Exported log(s) from the ESET Secure Authentication.

ESET Spam log

✓

✗

ESET\Logs\Email\spamlog.dat

ESET Spam log in binary format.

ESET SMTP protection log

✓

✗

ESET\Logs\Email\smtpprot.dat

ESET SMTP protection log in binary format.

ESET mail server protection log

✓

✗

ESET\Logs\Email\mailserver.dat

ESET Mail server protection log in binary format.

ESET diagnostic e-mail processing logs

✓

✗

ESET\Logs\Email\MailServer\*.dat

ESET diagnostic e-mail processing logs in binary format, direct copy from disk.

ESET Spam log*

✓

✗

ESET\Logs\Email\spamlog.dat

ESET Spam log in binary format.

ESET Antispam configuration and diagnostic logs

✓

✗

ESET\Logs\Email\Antispam\antispam.*.log

Copy ESET Antispam configuration and diagnostic logs.

ESET Antispam configuration and diagnostic logs

✓

✗

ESET\Config\Antispam\*.*

Copy ESET Antispam configuration and diagnostic logs.

ESET SHPIO.log

✓

✗

ESET\Log\ESHP\SHPIO.log

ESET Diagnostic log from the SHPIO.exe utility.

Domino IBM_TECHNICAL_SUPPORT logs + notes.ini

✓

✗

LotusDomino\Log\notes.ini

IBM Domino configuration file.

Domino IBM_TECHNICAL_SUPPORT logs + notes.ini

✓

✗

LotusDomino\Log\IBM_TECHNICAL_SUPPORT\*.*

IBM Domino logs, not older than 30 days.

MS SharePoint logs

✓

✗

SharePoint\Logs\*.log

MS SharePoint logs, not older than 30 days.

SharePoint Registry key content

✓

✗

SharePoint\WebServerExt.reg

Contains a registry key content of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions. Available only when ESET Security for SharePoint is installed.

MS Exchange transport agents registration

✓

✗

Exchange\agents.config

MS Exchange transport agents registration config file. For Microsoft Exchange Server 2007 and newer.

MS Exchange transport agents registration

✓

✗

Exchange\sinks_list.txt

MS Exchange event sinks registration dump. For Microsoft Exchange Server 2000 and 2003.

MS Exchange EWS logs

✓

✗

Exchange\EWS\*.log

Collecting of EWS Exchange Server logs.

Kerio Connect configuration

✓

✗

Kerio\Connect\mailserver.cfg

Kerio Connect configuration file.

Kerio Connect logs

✓

✗

Kerio\Connect\Logs\{mail,error,security,debug,warning}.log

Selected Kerio Connect log files.

Kerio Control configuration

✓

✗

Kerio\Connect\winroute.cfg

Kerio Control configuration file.

Kerio Control logs

✓

✗

Kerio\Connect\Logs\{alert,error,security,debug,warning}.log

Selected Kerio Control log files.