[KB7955] Enable Network protection advanced logging in ESET Endpoint Security using ESET PROTECT (8.x – 9.x)

Issue

Solution

 Endpoint users: Perform these steps on individual client workstations

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

I. Activate logging of blocked connections in ESET PROTECT

  1. Open the ESET PROTECT Web Console in your web browser and log in.

  2. Click Policies, select the desired Built-in policy and then select the policy that you want to modify.

  3. Click Actions → Edit.

    Figure 1-1
  4. Click Settings → Tools → Diagnostics.

  5. Expand the Advanced logging tab. Click the slider bar next to Enable Network protection advanced logging.

    Figure 1-2
  6. Click Assign → Assign.

    Figure 1-3
  7. Select the check boxes next to each computer or group you want this policy assigned to and click OK.

    Figure 1-4
  8. Click Finish. The policy will be applied to the client computer. With logging enabled, repeat the action that is blocked by the firewall and then continue to Part II.
Figure 1-5

II. Download and run the ESET Log Collector tool

The ESET Log Collector will create the firewall log along with other logs to help ESET technical support resolve your issue quickly.
  1. Download and run the ESET Log Collector tool.

  2. Include the log file that the tool produces in your email response to ESET technical support. If you have not already opened a case with ESET technical support, complete a technical support request and submit the file you just saved to ESET technical support for analysis.

  3. To stop recording logs of all blocked connections, repeat the steps in the Activate logging of the firewall section and click the slider bar next to Enable network protection advanced logging to disable the Firewall as shown in step 5. Click Finish. If advanced logging is not disabled, it will generate a large log file.
Figure 2-1
Using Override mode in ESET PROTECT

ESET Endpoint products (version 6.5 and later) include an Override mode option. When Override mode is enabled from ESET PROTECT Web Console, a user on a client machine can change the settings in the installed ESET Endpoint product, even if the settings were locked by another policy. After the changes have been configured on the client machine, the configuration can be requested and saved as a new policy that can be then applied on other computers.