lonsun

Log Settings


Hello,

I am trying out Immunet 3.0 AV and for compliance reasons I need to be able to store logs for at least 6 months. I downloaded the free version and could not find any settings for log location, rotation, and retention. Can anyone give me a rundown on how logs are handled in Immunet AV?

Thanks,

Lon


Hello Lon, open the GUI, click on History. A File History window will appear. On the top of this window click on View By: All File Events. This will show you all the activity that Immunet has encountered within the past week. These logs are stored at C:\Program Files\Immunet\history - which is a .DB file. You will not be able to directly access this file while Immunet is running, however. I hope this is what you were looking for. As far as changing the length of time the History is stored, I have no knowledge on that or even if it's possible. If it is possible, perhaps an Administrator or fellow staff member can provide that information for you. Regards, Ritchie...


Thanks for the information, Ritchie. If anyone knows how to specify the retention time for event history please let me know. I'm also curious if you can export history to an easily usable format.


Microsoft's Access or Excel software might work at converting the DB file into a readable format. If that doesn't work there is a paid software that I know of called Paradox Converter that can convert DB files. You could make a copy of the DB file and then convert the copy. It's rather expensive though. About 30 bucks. There's also a demo version of this software with very limited functionality, unfortunately.


Hi Lon,

The consumer version of Immunet is not meant to be compliant for enterprises. If you are an enterprise user, I would recommend that you check out our fireAMP offering:

http://www.sourcefire.com/security-technologies/advanced-malware-protection/fireamp

The fireAMP product, which is geared to satisfy business compliance needs, has a lot more functionality compared to the endpoint consumer versions.

Hope this helps


And FYI, the quarantined file retention time on the Consumer version (Immunet) is 1 month. In the enterprise version (fireAMP) it's configurable and I don't think there is a limit on it.


That's interesting to know, RobT. That brings a question to mind, however. If something is quarantined, what happens to that file after one month? Is it automatically deleted then, since that would give you plenty of time to determine if it's malware or a FP being the thinking there? That would be my assumption or am I wrong on that?
