stapp

CLOSED Forensic logs 7797


EAM Win 7 64bit

What is the default for the number of Forensic log entries? Is it the same as default of 300? (It will soon fill up)

Is the Forensic log supposed to show any changes I have made from the default settings every time I open the GUI?

for example..
Setting "Application restarts" has been changed to "Enabled"
Setting "Removable device connections" has been changed to "Enabled"

To see this, change a setting, reboot, open Settings and quickly cycle through General, Privacy, Update etc tabs and then Forensics will show any changes from Default settings that you have.

When I have an auto update while online it will show that I have moved update notification to right center.

 

 


I get the same observation as stapp before. Opened GUI, quickly clicked through tabs in Options and Protection sections and yes, Forensics shows every non-default setting (see attachment, top part).

Moreover, I noticed a strange thing - after a scan completes (in this case a scheduled USB scan), I get information about a scan with an empty name being canceled (also in the attachment, highlighted. And yes, I went to the menu and canceled this scan, just wondering about the name.).

forensics.PNG

13 hours ago, stapp said:

Is the Forensic log supposed to show any changes I have made from the default settings every time I open the GUI?

Known problem. It is already fixed. The fix will be available a bit later.


@stapp

Quote

What is the default for the number of Forensic log entries? Is it the same as default of 300? (It will soon fill up)


10.000 records, this value cannot be changed. It's a rotating database; log record 10.001 will replace record 1, etc.

54 minutes ago, Frank H said:

@stapp


10.000 records, this value cannot be changed. It's a rotating database; log record 10.001 will replace record 1, etc.

Good, I was worried it was going to be 300 !!


Can I also ask again about my earlier remark, Frank?

If I pause protection for 10 minutes this is not shown in the Forensics log. Should it not be shown, at least, on restart of protection?


How often is the forensic logs database flushed to disk? If you have a machine crash, how up to date will it be on the next boot?


If I create an application block rule it is not shown in the Forensics Log.

If I remove the rule it is shown in the Forensics Log as removing it.

Surely it should show both... creation and removal of application rule? 

20 hours ago, JeremyNicoll said:

How often is the forensic logs database flushed to disk? If you have a machine crash, how up to date will it be on the next boot?

It's saved every 50ms, so you typically shouldn't lose any information in case of a machine crash.

Just now, Christian Mairoll said:

It's saved every 50ms, so you typically shouldn't lose any information in case of a machine crash.

Excellent. Thank you!

 


To give some feedback about the Forensics Logs.

I actually didn't think I'd ever be using this feature, but since the update, I have unconsciously used it twice and found it useful.

First was when I accidentally clicked through allowing a port... using the Forensics log, I was able to go back and see what it was I had allowed.

Good work.

This topic is now closed to further replies.
