ERAC: how do I clear the "Last Threat Alert" column

Using ERAC (NOD32 4.2 BE), I have created a parametric group named "Infected Machines" so that I can quickly set a filter to view machines having a "last threat alert".

Once I clean an infected machine (e.g. using an ESET standalone malware removal tool), how do I clear its Last Threat Alert? I want to clear it so that it no longer shows when this parametric group filter is applied.

TIA,
-Mike

 

You can accomplish this by right-clicking within the Clients pane and selecting Clear info -> Clear "Last Threat Alert" Info from the context menu.

 

Ahhh, that should do it - thanks. BUT, now I am wondering if I really want to get rid of that valuable info. Maybe there is a better way to get a parametric group that shows me just machines that have one or more UNCLEANED threats?

 

You can always view details about detected threats on the Threat tab and filter them as you want.

 

So how would I filter the threats pane so that I am seeing ONLY the threats that have not been cleaned (or cannot be cleaned)?

 

To leave only uncleaned threat warnings displayed in the Threat log, right-click a cell that reads "Critical warning" in the "Level" column and select "Select by 'Critical warning'" from the right-click context menu. Right-click the cell again and select "Hide unselected".

 

So "Critical Warning" implies that the threat has not yet been cleaned?

I tried filtering the Threats pane as you described, and noticed that even machines that WERE infected still show a Critical Warning in the Level column. I ran one of your stand-alone tools days ago and subsequent in-depth scans show the machines to be clean. Why is the Level column for cleaned machines still reporting Critical Warning? How does that ever get cleared?

 

The "Critical warning" means that there was some kind of a problem with automatic cleaning of the threat. It also occurs when the user was prompted for an action but the option "No action" was selected in the alert window. If the threat was deleted later (e.g. manually by the user or after a computer restart), the warning does not change as it pertains to the initial detection and the result of cleaning at that time.

 

So does a threat's Level ever change from Critical Warning to something else? Or will it always stay at Critical Warning?

If it remains at Critical Warning (even after being cleaned with a stand-alone tool), how can I get a list of just the UNRESOLVED/UNCLEANED threats?

 

All those records are records of statuses from a particular point in time (the moment of detection). You can schedule an on-demand scan to find out if there are still some threats found.

 

Ok, once a threat's Level is at Critical Warning, it remains that way forever - makes sense...

Now back to my original question, which I guess I am not doing a very good job of describing, so let me try again:

Imagine you are an admin and have 1000 machines with NOD32 installed, ERAC and ERAS. How can you use ERAC to view just machines with outstanding threats which have not yet been cleaned? Is there some way to filter the Clients pane so we only see infected machines?

 

You can filter out all warnings but the critical ones as I mentioned elsewhere. If you want to check the current status, schedule an on-demand scan. I don't have ERA on my home computer now but I assume that the results from the scan will show uncleaned threats as critical warnings then.

 

Is there any way to create a filter or parametric group that will *automatically* display all computers that ESET still considers to currently have one or more infections on the Client pane?

I initially created a parametric group having a single parameter of "HAS Last threat Alert". But, even computers that have been successfully cleaned will still have information showing in their Last Threat Alert column (unless I manually clear that column for each machine).

I am asking if there's a way to view just computers that ESET knows to be still infected, WITHOUT me having to manually clear fields like Last threat Alert?

 

Marcos - maybe this will give you a better idea as to what I am looking for:

Go to the Clients pane in ERAC. In the filter section in very lower left you will see a Only show problems check box. I could not find any documentation as to exactly what that means, but when I checked the box it listed machines that had an old Last Connected date.

I wish there was a Only show infected clients check box so that I could QUICKLY see what clients needed my attention.

 

Just a FYI that there's a small quirk/bug with the refreshing (F5) of the Client's pane in a parametric group (e.g. in my case I have a single parameter of "HAS Last Threat Alert"). Once I follow your advice and clear the Last Threat Alert column for a particular row/machine, the Client pane still lists this machine even after I press F5 (refresh). I found I had to use the record navigation buttons (e.g. Top) to get the one machine to disappear from the grid.

The fix would be to make it so that a refresh (F5) operation updates the Client pane properly after a column is cleared that is part of the parametric group's parameters. Better yet, as soon as someone clears a column, update the Clients pane automatically.

 

Hello,

Your feature request has been submitted to ESET's product management team for consideration in a future software release.

Regards,

Aryeh Goretsky