Trojaner-Board


DieGrille 13.08.2020 12:50

Kaspersky Log Analysis

Please evaluate the Kaspersky log from c't Desinfect 2020:

The last download event (I'll spare you the preceding 3400 download events) followed by the scan result. All clean, right?:

Code:

EventType=ModuleDownloaded
EventId=3421
Initiator=Product
Date=2020-08-13 08:20:14
DangerLevel=Informational
TaskName=Update
RuntimeTaskId=6
TaskId=6
TaskType=Update
ModuleName=updates/ksn/wnstat2.xms

EventType=ProductModuleInstalled
EventId=3422
Initiator=Product
Date=2020-08-13 08:20:21
DangerLevel=Informational
ModuleName=libcrypto_ssl_1_1.so

EventType=AVBasesIntegrityCheckOK
EventId=3423
Initiator=Product
Date=2020-08-13 08:20:21
DangerLevel=Informational
TaskName=Update
RuntimeTaskId=6
TaskId=6
TaskType=Update

EventType=AVBasesAttached
EventId=3424
Initiator=Product
Date=2020-08-13 08:20:21
DangerLevel=Informational
TaskName=Update
RuntimeTaskId=6
TaskId=6
TaskType=Update
AVBasesDate=2020-08-13 06:15:00
AVBasesReleaseDate=2020-08-13 08:10:00

EventType=AVBasesApplied
EventId=3425
Initiator=Product
Date=2020-08-13 08:20:21
DangerLevel=Informational
TaskName=Update
RuntimeTaskId=6
TaskId=6
TaskType=Update
AVBasesDate=2020-08-13 06:15:00
AVBasesReleaseDate=2020-08-13 08:10:00

EventType=TaskStateChanged
EventId=3426
Initiator=Product
Date=2020-08-13 08:20:21
DangerLevel=Informational
TaskName=Update
SCTaskName=Update
RuntimeTaskId=6
TaskId=6
TaskState=Stopped
PrevTaskState=Started
TaskType=Update

EventType=LicenseInstalled
EventId=3427
Initiator=Product
Date=2020-08-13 08:20:22
DangerLevel=Informational
TaskName=License
TaskId=9
TaskType=License
Reason=AdditionalKeyAsActive

EventType=TaskStateChanged
EventId=3428
Initiator=Scheduler
Date=2020-08-13 08:20:22
DangerLevel=Informational
TaskName=Device_Control
SCTaskName=Device_Control
RuntimeTaskId=7
TaskId=15
TaskState=Starting
PrevTaskState=Stopped
TaskType=DeviceControl

EventType=KsnStateChanged
EventId=3429
Initiator=Product
Date=2020-08-13 08:20:22
DangerLevel=Informational
KsnStatementId=31f21e3d-d059-8936-01c9-de031b21fce0
KsnAcceptance=Denied
KsnStatisticsId=31f21e3d-d059-8936-01c9-de031b21fce0
KsnStatisticsAcceptance=Denied
KsnState=Off

EventType=TaskStateChanged
EventId=3430
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:20:22
DangerLevel=Informational
TaskName=File_Threat_Protection
SCTaskName=File_Threat_Protection
RuntimeTaskId=8
TaskId=1
TaskState=Starting
PrevTaskState=Stopped
TaskType=OAS

EventType=TaskStateChanged
EventId=3431
Initiator=Scheduler
Date=2020-08-13 08:20:23
DangerLevel=Informational
TaskName=Device_Control
SCTaskName=Device_Control
RuntimeTaskId=7
TaskId=15
TaskState=Started
PrevTaskState=Starting
TaskType=DeviceControl

EventType=TaskStateChanged
EventId=3432
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:20:23
DangerLevel=Informational
TaskName=File_Threat_Protection
SCTaskName=File_Threat_Protection
RuntimeTaskId=8
TaskId=1
TaskState=Started
PrevTaskState=Starting
TaskType=OAS

EventType=TaskStateChanged
EventId=3433
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:20:23
DangerLevel=Informational
TaskName=File_Threat_Protection
SCTaskName=File_Threat_Protection
RuntimeTaskId=8
TaskId=1
TaskState=Stopping
PrevTaskState=Started
TaskType=OAS

EventType=TaskStateChanged
EventId=3434
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:20:23
DangerLevel=Informational
TaskName=File_Threat_Protection
SCTaskName=File_Threat_Protection
RuntimeTaskId=8
TaskId=1
TaskState=Stopped
PrevTaskState=Stopping
TaskType=OAS

EventType=TaskCreated
EventId=3435
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:21:02
DangerLevel=Informational
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
TaskId=100
TaskType=ODS
ScanArchived=Yes
ScanSfxArchived=Yes
ScanMailBases=No
ScanPlainMail=No
TimeLimit=0
SizeLimit=0
FirstAction=Skip
SecondAction=Skip
UseExcludeMasks=No
UseExcludeThreats=No
ReportCleanObjects=No
ReportPackedObjects=No
ReportUnprocessedObjects=No
UseAnalyzer=Yes
HeuristicLevel=Recommended
UseIChecker=Yes
ScanPriority=Normal
[ScanScope.item_0000]
AreaDesc=
UseScanArea=Yes
Path=/var/run/desinfect/tests
AreaMask.item_0000=*

EventType=TaskStateChanged
EventId=3436
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:21:02
DangerLevel=Informational
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
RuntimeTaskId=9
TaskId=100
TaskState=Starting
PrevTaskState=Stopped
TaskType=ODS

EventType=TaskStateChanged
EventId=3437
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:21:02
DangerLevel=Informational
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
RuntimeTaskId=9
TaskId=100
TaskState=Started
PrevTaskState=Starting
TaskType=ODS

EventType=ThreatDetected
EventId=3438
Initiator=Product
Date=2020-08-13 08:21:02
DangerLevel=Critical
FileName=/var/run/desinfect/tests/eicar.com
ObjectName=File
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
RuntimeTaskId=9
TaskId=100
DetectName=EICAR-Test-File
TaskType=ODS
FileOwner=root
FileOwnerId=0
DetectCertainty=Sure
DetectType=Virware
DetectSource=Local
ObjectId=1
FileSize=68
AccessUser=root
AccessUserId=0
Md5Hash=44d88612fea8a8f36de82e1278abb02f

EventType=ObjectNotDisinfected
EventId=3439
Initiator=Product
Date=2020-08-13 08:21:02
DangerLevel=Medium
FileName=/var/run/desinfect/tests/eicar.com
ObjectName=File
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
RuntimeTaskId=9
TaskId=100
TaskType=ODS
FileOwner=root
FileOwnerId=0
ObjectId=1
FileSize=68
AccessUser=root
AccessUserId=0
ObjectNotDisinfectedReason=Cancelled
Md5Hash=44d88612fea8a8f36de82e1278abb02f

EventType=TaskStateChanged
EventId=3440
Initiator=Product
Date=2020-08-13 08:21:02
DangerLevel=Informational
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
RuntimeTaskId=9
TaskId=100
TaskState=Stopped
PrevTaskState=Started
TaskType=ODS

EventType=TaskDeleted
EventId=3441
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 08:21:02
DangerLevel=Informational
TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d
TaskId=100
TaskType=ODS

EventType=TaskSettingsChanged
EventId=3442
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 09:06:46
DangerLevel=Informational
TaskName=Scan_File
SCTaskName=Scan_File
RuntimeTaskId=0
TaskId=3
TaskType=ODS
ScanArchived=No
ScanSfxArchived=No
ScanMailBases=No
ScanPlainMail=No
TimeLimit=0
SizeLimit=0
FirstAction=Recommended
SecondAction=Skip
UseExcludeMasks=No
UseExcludeThreats=No
ReportCleanObjects=No
ReportPackedObjects=No
ReportUnprocessedObjects=No
UseAnalyzer=Yes
HeuristicLevel=Recommended
UseIChecker=Yes
ScanPriority=Normal
[ScanScope.item_0000]
AreaDesc=All objects
UseScanArea=Yes
Path=/
AreaMask.item_0000=*

EventType=TaskCreated
EventId=3443
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 09:06:46
DangerLevel=Informational
TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
TaskId=101
TaskType=ODS
ScanArchived=No
ScanSfxArchived=No
ScanMailBases=No
ScanPlainMail=No
TimeLimit=0
SizeLimit=0
FirstAction=Skip
SecondAction=Skip
UseExcludeMasks=No
UseExcludeThreats=No
ReportCleanObjects=No
ReportPackedObjects=No
ReportUnprocessedObjects=No
UseAnalyzer=Yes
HeuristicLevel=Recommended
UseIChecker=Yes
ScanPriority=Normal
[ScanScope.item_0000]
AreaDesc=
UseScanArea=Yes
Path=/media
AreaMask.item_0000=*

EventType=TaskStateChanged
EventId=3444
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 09:06:46
DangerLevel=Informational
TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
RuntimeTaskId=10
TaskId=101
TaskState=Starting
PrevTaskState=Stopped
TaskType=ODS

EventType=TaskStateChanged
EventId=3445
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 09:06:46
DangerLevel=Informational
TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
RuntimeTaskId=10
TaskId=101
TaskState=Started
PrevTaskState=Starting
TaskType=ODS

EventType=TaskStateChanged
EventId=3446
Initiator=Product
Date=2020-08-13 09:15:14
DangerLevel=Informational
TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
RuntimeTaskId=10
TaskId=101
TaskState=Stopped
PrevTaskState=Started
TaskType=ODS

EventType=TaskDeleted
EventId=3447
Initiator=User
UserName=root
UserId=0
Date=2020-08-13 09:15:14
DangerLevel=Informational
TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4
TaskId=101
TaskType=ODS
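
As an added example, not from the original post and not Kaspersky's or Desinfect's own code: a small Python parser for the key=value event format above that separates the scanner's EICAR self-test hit from genuine detections and reports each on-demand scan (ODS) task by its scan scope. The excerpt it parses is constructed from the events shown, with most fields trimmed.

```python
import re

# Constructed excerpt of the log above (fields trimmed): the EICAR self-test scan and the /media scan.
SAMPLE_LOG = """\
EventType=TaskCreated
TaskId=100
TaskType=ODS
[ScanScope.item_0000]
Path=/var/run/desinfect/tests

EventType=ThreatDetected
DangerLevel=Critical
FileName=/var/run/desinfect/tests/eicar.com
TaskId=100
DetectName=EICAR-Test-File
Md5Hash=44d88612fea8a8f36de82e1278abb02f

EventType=TaskCreated
TaskId=101
TaskType=ODS
[ScanScope.item_0000]
Path=/media
"""
EICAR_MD5 = "44d88612fea8a8f36de82e1278abb02f"  # published MD5 of the 68-byte EICAR test file

def parse_events(text):
    """Split the log into events: blank-line separated key=value stanzas."""
    events = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        event, prefix = {}, ""
        for line in stanza.splitlines():
            if line.startswith("[") and line.endswith("]"):
                prefix = line[1:-1] + "."  # [ScanScope.item_0000] prefixes the keys that follow
            elif "=" in line:
                key, value = line.split("=", 1)
                event[prefix + key] = value
        events.append(event)
    return events

def triage(text):
    """Per ODS task: scope path, genuine detections, and EICAR self-test hits."""
    report = {}
    for e in parse_events(text):
        if e.get("EventType") == "TaskCreated" and e.get("TaskType") == "ODS":
            report[e["TaskId"]] = {"path": e.get("ScanScope.item_0000.Path", "?"), "threats": [], "self_test": []}
        elif e.get("EventType") == "ThreatDetected":
            entry = report.setdefault(e["TaskId"], {"path": "?", "threats": [], "self_test": []})
            is_eicar = e.get("Md5Hash") == EICAR_MD5 or e.get("DetectName") == "EICAR-Test-File"
            entry["self_test" if is_eicar else "threats"].append(e["FileName"])
    return report
```

Run against the full log, task 100 shows only the self-test hit and task 101 (the /media scan) has no ThreatDetected event at all, which is what "clean" looks like in this format.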


cosinus 13.08.2020 16:31

The log says pretty much nothing. What is the reason for a scan like this? Especially with something as unnecessary as desinfect?

DieGrille 14.08.2020 08:46

Quote:

Quote from cosinus (post 1739469)
What is the reason for a scan like this?

Precaution, or rather a potential Emotet hit after a large number of Emotet emails.


Quote:

Quote from cosinus (post 1739469)
Especially with something as unnecessary as desinfect?

5 of the current scanners, which boot on a separate Linux system and search the disk. What is supposed to be better?

All of the tools mentioned here (except Farbar) run unprotected on the booted Windows system.

Incidentally, neither RogueKiller nor ESET Online Scanner, which I ran for fun, found anything.

cosinus 14.08.2020 13:40

Quote:

All of the tools mentioned here (except Farbar) run unprotected on the booted Windows system.
What exactly are we supposed to understand by "unprotected"?
Why haven't you read or followed our instructions for the analysis?

cosinus 25.08.2020 12:46

No response

This thread is being moved to the trash (Mülltonne) due to lack of response.

