List of artifacts / Collected files
This section describes the files contained in the resulting .zip file. The description is divided into subsections based on the information type (files and artifacts).

| Location / File name | Description |
|---|---|
| metadata.txt | Contains the date of the .zip archive creation, ESET Log Collector version, ESET product version and basic licensing information. |
| collector_log.txt | A copy of the log file from the GUI. It contains data up to the point when the .zip file is being created. |

Windows Processes

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Running processes (open handles and loaded DLLs) | ✓ | ✓ | Windows\Processes\Processes.txt | Text file containing a list of running processes on the machine. For each process, the following items are printed: PID; parent PID; number of threads; number of open handles grouped by type; loaded modules; user account it is running under; memory usage; timestamp of start; kernel and user time; I/O statistics; command line. |
| Running processes (open handles and loaded DLLs) | ✓ | ✓ | Windows\ProcessesTree.txt | Text file containing a tree of running processes on the machine. For each process, the following items are printed: PID; user account it is running under; timestamp of start; command line. |

Windows Logs

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Application event log | ✓ | ✓ | Windows\Logs\Application.xml | XML containing Windows Application event logs in a custom XML format suitable for viewing in Microsoft Excel. Only messages from the last 30 days are included. All string references are translated on the source machine so that the viewing machine does not need access to referenced resource DLLs. |
| System event log | ✓ | ✓ | Windows\Logs\System.xml | XML containing Windows System event logs in a custom XML format suitable for viewing in Microsoft Excel. Only messages from the last 30 days are included. All string references are translated on the source machine so that the viewing machine does not need access to referenced resource DLLs. |
| Terminal services - LSM operational event log* | ✓ | ✓ | Windows\Logs\LocalSessionManager-Operational.evtx | Windows XML Event Log. It contains information about RDP sessions. The user can specify the maximum age of exported records. |
| Drivers install logs | ✓ | ✗ | Windows\Logs\catroot2_dberr.txt | Contains information about catalogs that have been added to "catstore" during driver installation. |
| SetupAPI logs* | ✓ | ✗ | Windows\Logs\SetupAPI\setupapi*.log | Device and application installation text logs. |

*Windows Vista and newer

System Configuration

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Drives info | ✓ | ✓ | Windows/drives.txt | Collected text file containing information about disk drives. |
| Devices info | ✓ | ✓ | Windows/devices/*.txt | Multiple collected text files containing class and interface information about devices. |
| Network configuration | ✓ | ✓ | Config\network.txt | Collected text file containing network configuration (the result of executing ipconfig /all). |
| ESET SysInspector log | ✓ | ✓ | Config\SysInspector.xml | SysInspector log in the XML format. |
| Winsock LSP catalog | ✓ | ✓ | Config/WinsockLSP.txt | Output of the netsh winsock show catalog command. |
| WFP filters* | ✓ | ✓ | Config\WFPFilters.xml | Collected WFP filters configuration in the XML format. |
| Complete Windows Registry content | ✗ | ✓ | Windows\Registry\* | Multiple collected binary files containing Windows Registry data. |
| List of files in temporary directories | ✓ | ✓ | Windows\TmpDirs\*.txt | Multiple collected text files with the content of the system's user temp directories, %windir%/temp, %TEMP% and %TMP% directories. |

*Windows 7 and newer

ESET Installer

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESET Installer logs | ✓ | ✗ | ESET\Installer\*.log | Installation logs that were created during the installation of ESET NOD32 Antivirus and ESET Smart Security 10 Premium products. |

ESET Remote Administrator logs apply to ESET Security Management Center as well.

ESET Security Management Center (ESMC) and ESET Remote Administrator (ERA)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESMC/ERA Server logs | ✓ | ✗ | ERA\Server\Logs\RemoteAdministratorServerDiagnostic<datetime>.zip | Server product logs in a ZIP archive. It contains trace, status and last-error logs. |
| ESMC/ERA Agent logs | ✓ | ✗ | ERA\Agent\Logs\RemoteAdministratorAgentDiagnostic<datetime>.zip | Agent product logs in a ZIP archive. It contains trace, status and last-error logs. |
| ESMC/ERA process information and dumps* | ✗ | ✗ | ERA\Server\Process and old dump\RemoteAdministratorServerDiagnostic<datetime>.zip | Server process dump(s). |
| ESMC/ERA process information and dumps* | ✗ | ✗ | ERA\Agent\Process and old dump\RemoteAdministratorAgentDiagnostic<datetime>.zip | Agent process dump(s). |
| ESMC/ERA configuration | ✓ | ✗ | ERA\Server\Config\RemoteAdministratorServerDiagnostic<datetime>.zip | Server configuration and application information files in a ZIP archive. |
| ESMC/ERA configuration | ✓ | ✗ | ERA\Agent\Config\RemoteAdministratorAgentDiagnostic<datetime>.zip | Agent configuration and application information files in a ZIP archive. |
| ESMC/ERA Rogue Detection Sensor logs | ✓ | ✗ | ERA\RD Sensor\Rogue Detection SensorDiagnostic<datetime>.zip | A ZIP containing RD Sensor trace log, last-error log, status log, configuration, dump(s) and general information files. |
| ESMC/ERA MDMCore logs | ✓ | ✗ | ERA\MDMCore\RemoteAdministratorMDMCoreDiagnostic<datetime>.zip | A ZIP containing MDMCore trace log, last-error log, status log, dump(s) and general information files. |
| ESMC/ERA Proxy logs | ✓ | ✗ | ERA\Proxy\RemoteAdministratorProxyDiagnostic<datetime>.zip | A ZIP containing ERA Proxy trace log, last-error log, status log, configuration, dump(s) and general information files. |

*ESMC/ERA Server or ESMC/ERA Agent

ESET Configuration

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESET product configuration | ✓ | ✓ | info.xml | Informational XML that details the ESET product installed on a system. It contains basic system information, installed product information and a list of product modules. |
| ESET product configuration | ✓ | ✓ | versions.csv | Exported when the generation of info.xml has failed for any reason. Contains installed product information. |
| ESET product configuration | ✓ | ✓ | features_state.txt | Contains information about ESET product features and their states (Active, Inactive, Not integrated). The file is always collected and is not tied to any selectable artifact. |
| ESET product configuration | ✓ | ✓ | Configuration\product_conf.xml | XML with the exported product configuration. |
| ESET data and install directory file list | ✓ | ✓ | ESET\Config\data_dir_list.txt | Text file containing a list of files in the ESET AppData directory and all its subdirectories. |
| ESET data and install directory file list | ✓ | ✓ | ESET\Config\install_dir_list.txt | Text file containing a list of files in the ESET Install directory and all its subdirectories. |
| ESET drivers | ✓ | ✓ | ESET\Config\drivers.txt | Information about installed ESET drivers. |
| ESET Personal firewall configuration | ✓ | ✓ | ESET\Config\EpfwUser.dat | Copy of the file with the ESET Personal firewall configuration. |
| ESET Registry key content | ✓ | ✓ | ESET\Config\ESET.reg | Contains the content of the registry key HKLM\SOFTWARE\ESET. |
| Winsock LSP catalog | ✓ | ✓ | Config/WinsockLSP.txt | Output of the netsh winsock show catalog command. |
| Last applied policy | ✓ | ✓ | ESET\Config\lastPolicy.dat | The policy applied by ERA. |

Quarantine

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Info about quarantined files | ✓ | ✓ | ESET\Quarantine\quar_info.txt | Text file with a list of quarantined objects. |
| Quarantined files | ✗ | ✓ | ESET\Quarantine\<username> | NDF and NQF files collected from the ESET Security product. |

ESET Logs

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESET Events log | ✓ | ✓ | ESET\Logs\Common\warnlog.dat | ESET Product event log in binary format. |
| ESET Detected threats log | ✓ | ✓ | ESET\Logs\Common\virlog.dat | ESET Detected threats log in binary format. |
| ESET Computer scan logs | ✗ | ✓ | ESET\Logs\Common\eScan\*.dat | ESET Computer scan log(s) in binary format. |
| ESET HIPS log* | ✓ | ✓ | ESET\Logs\Common\hipslog.dat | ESET HIPS log in binary format. |
| ESET Parental control logs* | ✓ | ✓ | ESET\Logs\Common\parentallog.dat | ESET Parental control log in binary format. |
| ESET Device control log* | ✓ | ✓ | ESET\Logs\Common\devctrllog.dat | ESET Device control log in binary format. |
| ESET Webcam protection log* | ✓ | ✓ | ESET\Logs\Common\webcamlog.dat | ESET Webcam protection log in binary format. |
| ESET On-demand server database scan logs | ✓ | ✓ | ESET\Logs\Common\ServerOnDemand\*.dat | ESET server On-demand log(s) in binary format. |
| ESET Hyper-V server scan logs | ✓ | ✓ | ESET\Logs\Common\HyperVOnDemand\*.dat | ESET Hyper-V server scan log(s) in binary format. |
| MS OneDrive scan logs | ✓ | ✓ | ESET\Logs\Common\O365OnDemand\*.dat | MS OneDrive scan log(s) in binary format. |
| ESET Blocked files log | ✓ | ✓ | ESET\Logs\Common\blocked.dat | ESET Blocked files log(s) in binary format. |
| ESET Sent files log | ✓ | ✓ | ESET\Logs\Common\sent.dat | ESET Sent files log(s) in binary format. |

*Option is displayed only when the file exists.

ESET Network Logs

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESET Network protection log* | ✓ | ✓ | ESET\Logs\Net\epfwlog.dat | ESET Network protection log in binary format. |
| ESET Filtered websites log* | ✓ | ✓ | ESET\Logs\Net\urllog.dat | ESET Websites filter log in binary format. |
| ESET Web control log* | ✓ | ✓ | ESET\Logs\Net\webctllog.dat | ESET Web control log in binary format. |
| ESET pcap logs | ✓ | ✗ | ESET\Logs\Net\EsetProxy*.pcapng | Copy of the ESET pcap logs. |

*Option is displayed only when the file exists.

ESET Diagnostics

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Local cache database | ✗ | ✓ | ESET\Diagnostics\local.db | ESET scanned files database. |
| General product diagnostics logs | ✓ | ✗ | ESET\Diagnostics\*.* | Files (mini-dumps) from ESET diagnostics folder. |
| ECP diagnostic logs | ✓ | ✗ | ESET\Diagnostics\ECP\*.xml | ESET Communication Protocol diagnostic logs are generated in case of problems with product activation and communication with activation servers. |

ESET Secure Authentication

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESA logs | ✓ | ✗ | ESA\*.log | Exported log(s) from the ESET Secure Authentication. |

ESET Email Logs (ESET Mail Security for Exchange, ESET Mail Security for Domino)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESET Spam log | ✓ | ✗ | ESET\Logs\Email\spamlog.dat | ESET Spam log in binary format. |
| ESET SMTP protection log | ✓ | ✗ | ESET\Logs\Email\smtpprot.dat | ESET SMTP protection log in binary format. |
| ESET mail server protection log | ✓ | ✗ | ESET\Logs\Email\mailserver.dat | ESET Mail server protection log in binary format. |
| ESET diagnostic e-mail processing logs | ✓ | ✗ | ESET\Logs\Email\MailServer\*.dat | ESET diagnostic e-mail processing logs in binary format, direct copy from disk. |
| ESET Spam log* | ✓ | ✗ | ESET\Logs\Email\spamlog.dat | ESET Spam log in binary format. |
| ESET Antispam configuration and diagnostic logs | ✓ | ✗ | ESET\Logs\Email\Antispam\antispam.*.log | Copy of the ESET Antispam configuration and diagnostic logs. |
| ESET Antispam configuration and diagnostic logs | ✓ | ✗ | ESET\Config\Antispam\*.* | Copy of the ESET Antispam configuration and diagnostic logs. |

*Option is displayed only when the file exists.

ESET SharePoint logs (ESET Security for SharePoint)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| ESET SHPIO.log | ✓ | ✗ | ESET\Log\ESHP\SHPIO.log | ESET Diagnostic log from the SHPIO.exe utility. |

Product-specific logs - options are available for the specific product.

Domino (ESET Mail Security for Domino)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Domino IBM_TECHNICAL_SUPPORT logs + notes.ini | ✓ | ✗ | LotusDomino\Log\notes.ini | IBM Domino configuration file. |
| Domino IBM_TECHNICAL_SUPPORT logs + notes.ini | ✓ | ✗ | LotusDomino\Log\IBM_TECHNICAL_SUPPORT\*.* | IBM Domino logs, not older than 30 days. |

MS SharePoint (ESET Security for SharePoint)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| MS SharePoint logs | ✓ | ✗ | SharePoint\Logs\*.log | MS SharePoint logs, not older than 30 days. |
| SharePoint Registry key content | ✓ | ✗ | SharePoint\WebServerExt.reg | Contains the content of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions. Available only when ESET Security for SharePoint is installed. |

MS Exchange (ESET Mail Security for Exchange)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| MS Exchange transport agents registration | ✓ | ✗ | Exchange\agents.config | MS Exchange transport agents registration config file. For Microsoft Exchange Server 2007 and newer. |
| MS Exchange transport agents registration | ✓ | ✗ | Exchange\sinks_list.txt | MS Exchange event sinks registration dump. For Microsoft Exchange Server 2000 and 2003. |
| MS Exchange EWS logs | ✓ | ✗ | Exchange\EWS\*.log | Collected EWS Exchange Server logs. |

Kerio Connect (ESET Security for Kerio)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Kerio Connect configuration | ✓ | ✗ | Kerio\Connect\mailserver.cfg | Kerio Connect configuration file. |
| Kerio Connect logs | ✓ | ✗ | Kerio\Connect\Logs\{mail,error,security,debug,warning}.log | Selected Kerio Connect log files. |

Kerio Control (ESET Security for Kerio)

| Artifact name | Collection profile: Default | Collection profile: Threat detection | Location / File name | Description |
|---|---|---|---|---|
| Kerio Control configuration | ✓ | ✗ | Kerio\Connect\winroute.cfg | Kerio Control configuration file. |
| Kerio Control logs | ✓ | ✗ | Kerio\Connect\Logs\{alert,error,security,debug,warning}.log | Selected Kerio Control log files. |