[KB7955] Enable Network protection advanced logging in ESET Endpoint Security using ESET PROTECT (8.x)

0
(0)

Issue

  • Create a log of all connections blocked by the ESET firewall in ESET Endpoint Security
  • Enable advanced logging of the Network protection in ESET Endpoint Security and ESET Endpoint Antivirus
  • Activate logging of blocked connections in ESET Security Management Center
  • Download and run the ESET Log Collector tool

Solution

 Endpoint users: Perform these steps on individual client workstations

I. Activate logging of blocked connections in ESET PROTECT

ESET PROTECT 8.x User Permissions

This article assumes that your ESET PROTECT user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is  grayed out), see the following article to create a second administrator user with all the access rights (you only need to do this once): Create a second administrator user in ESET PROTECT

  1. Open the ESET PROTECT Web Console in your web browser and log in.
  2. Click Policies, select the desired Built-in policy and then select the policy that you want to modify.
  3. Click Actions → Edit.
    Figure 1-1
  4. Click Settings → Tools → Diagnostics.
  5. Expand the Advanced logging tab. Click the slider bar next to Enable Network protection advanced logging.
    Figure 1-2
  6. Click Assign → Assign.
    Figure 1-3
  7. Select the check boxes next to each computer or group you want this policy assigned to and click OK.
    Figure 1-4
  8. Click Finish. The policy will be applied to the client computer. With logging enabled, repeat the action that is blocked by the firewall and then continue to Part II.
Figure 1-5

II. Download and run the ESET Log Collector tool

The ESET Log Collector will create the firewall log along with other logs to help ESET technical support resolve your issue quickly.
  1. Download and run the ESET Log Collector tool.
  2. Include the log file that the tool produces in your email response to ESET technical support. If you have not already opened a case with ESET technical support, complete a technical support request and submit the file you just saved to ESET technical support for analysis.
  3. To stop recording logs of all blocked connections, repeat the steps in the Activate logging of the firewall section and click the slider bar next to Enable network protection advanced logging to disable the Firewall as shown in step 5. Click Finish. If advanced logging is not disabled, it will generate a large log file.
Figure 2-1
Using Override mode in ESET PROTECT

ESET Endpoint products (version 6.5 and later) include an Override mode option. When Override mode is enabled from ESET PROTECT Web Console, a user on a client machine can change the settings in the installed ESET Endpoint product, even if the settings were locked by another policy. After the changes have been configured on the client machine, the configuration can be requested and saved as a new policy that can be then applied on other computers.

Languages

Please contact your local support agent if you would like us to translate this article.

Last Updated: May 7, 2021

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 9 times, 1 visits today)
Tagged: