|
Trash bin: Kaspersky Log Analysis | Windows 7 | Posts that violated our rules, ones the world doesn't need, or other junk end up here in the trash bin... |
13.08.2020, 12:50 | #1 |
| Kaspersky Log Analysis
Please evaluate the Kaspersky log from Ct Desinfect 2020: the last download event (I'll spare you the preceding 3400 download events), followed by the scan result. Everything clean, right?
Code:
ATTFilter
EventType=ModuleDownloaded EventId=3421 Initiator=Product Date=2020-08-13 08:20:14 DangerLevel=Informational TaskName=Update RuntimeTaskId=6 TaskId=6 TaskType=Update ModuleName=updates/ksn/wnstat2.xms
EventType=ProductModuleInstalled EventId=3422 Initiator=Product Date=2020-08-13 08:20:21 DangerLevel=Informational ModuleName=libcrypto_ssl_1_1.so
EventType=AVBasesIntegrityCheckOK EventId=3423 Initiator=Product Date=2020-08-13 08:20:21 DangerLevel=Informational TaskName=Update RuntimeTaskId=6 TaskId=6 TaskType=Update
EventType=AVBasesAttached EventId=3424 Initiator=Product Date=2020-08-13 08:20:21 DangerLevel=Informational TaskName=Update RuntimeTaskId=6 TaskId=6 TaskType=Update AVBasesDate=2020-08-13 06:15:00 AVBasesReleaseDate=2020-08-13 08:10:00
EventType=AVBasesApplied EventId=3425 Initiator=Product Date=2020-08-13 08:20:21 DangerLevel=Informational TaskName=Update RuntimeTaskId=6 TaskId=6 TaskType=Update AVBasesDate=2020-08-13 06:15:00 AVBasesReleaseDate=2020-08-13 08:10:00
EventType=TaskStateChanged EventId=3426 Initiator=Product Date=2020-08-13 08:20:21 DangerLevel=Informational TaskName=Update SCTaskName=Update RuntimeTaskId=6 TaskId=6 TaskState=Stopped PrevTaskState=Started TaskType=Update
EventType=LicenseInstalled EventId=3427 Initiator=Product Date=2020-08-13 08:20:22 DangerLevel=Informational TaskName=License TaskId=9 TaskType=License Reason=AdditionalKeyAsActive
EventType=TaskStateChanged EventId=3428 Initiator=Scheduler Date=2020-08-13 08:20:22 DangerLevel=Informational TaskName=Device_Control SCTaskName=Device_Control RuntimeTaskId=7 TaskId=15 TaskState=Starting PrevTaskState=Stopped TaskType=DeviceControl
EventType=KsnStateChanged EventId=3429 Initiator=Product Date=2020-08-13 08:20:22 DangerLevel=Informational KsnStatementId=31f21e3d-d059-8936-01c9-de031b21fce0 KsnAcceptance=Denied KsnStatisticsId=31f21e3d-d059-8936-01c9-de031b21fce0 KsnStatisticsAcceptance=Denied KsnState=Off
EventType=TaskStateChanged EventId=3430 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:20:22 DangerLevel=Informational TaskName=File_Threat_Protection SCTaskName=File_Threat_Protection RuntimeTaskId=8 TaskId=1 TaskState=Starting PrevTaskState=Stopped TaskType=OAS
EventType=TaskStateChanged EventId=3431 Initiator=Scheduler Date=2020-08-13 08:20:23 DangerLevel=Informational TaskName=Device_Control SCTaskName=Device_Control RuntimeTaskId=7 TaskId=15 TaskState=Started PrevTaskState=Starting TaskType=DeviceControl
EventType=TaskStateChanged EventId=3432 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:20:23 DangerLevel=Informational TaskName=File_Threat_Protection SCTaskName=File_Threat_Protection RuntimeTaskId=8 TaskId=1 TaskState=Started PrevTaskState=Starting TaskType=OAS
EventType=TaskStateChanged EventId=3433 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:20:23 DangerLevel=Informational TaskName=File_Threat_Protection SCTaskName=File_Threat_Protection RuntimeTaskId=8 TaskId=1 TaskState=Stopping PrevTaskState=Started TaskType=OAS
EventType=TaskStateChanged EventId=3434 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:20:23 DangerLevel=Informational TaskName=File_Threat_Protection SCTaskName=File_Threat_Protection RuntimeTaskId=8 TaskId=1 TaskState=Stopped PrevTaskState=Stopping TaskType=OAS
EventType=TaskCreated EventId=3435 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:21:02 DangerLevel=Informational TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d TaskId=100 TaskType=ODS ScanArchived=Yes ScanSfxArchived=Yes ScanMailBases=No ScanPlainMail=No TimeLimit=0 SizeLimit=0 FirstAction=Skip SecondAction=Skip UseExcludeMasks=No UseExcludeThreats=No ReportCleanObjects=No ReportPackedObjects=No ReportUnprocessedObjects=No UseAnalyzer=Yes HeuristicLevel=Recommended UseIChecker=Yes ScanPriority=Normal [ScanScope.item_0000] AreaDesc= UseScanArea=Yes Path=/var/run/desinfect/tests AreaMask.item_0000=*
EventType=TaskStateChanged EventId=3436 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:21:02 DangerLevel=Informational TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d RuntimeTaskId=9 TaskId=100 TaskState=Starting PrevTaskState=Stopped TaskType=ODS
EventType=TaskStateChanged EventId=3437 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:21:02 DangerLevel=Informational TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d RuntimeTaskId=9 TaskId=100 TaskState=Started PrevTaskState=Starting TaskType=ODS
EventType=ThreatDetected EventId=3438 Initiator=Product Date=2020-08-13 08:21:02 DangerLevel=Critical FileName=/var/run/desinfect/tests/eicar.com ObjectName=File TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d RuntimeTaskId=9 TaskId=100 DetectName=EICAR-Test-File TaskType=ODS FileOwner=root FileOwnerId=0 DetectCertainty=Sure DetectType=Virware DetectSource=Local ObjectId=1 FileSize=68 AccessUser=root AccessUserId=0 Md5Hash=44d88612fea8a8f36de82e1278abb02f
EventType=ObjectNotDisinfected EventId=3439 Initiator=Product Date=2020-08-13 08:21:02 DangerLevel=Medium FileName=/var/run/desinfect/tests/eicar.com ObjectName=File TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d RuntimeTaskId=9 TaskId=100 TaskType=ODS FileOwner=root FileOwnerId=0 ObjectId=1 FileSize=68 AccessUser=root AccessUserId=0 ObjectNotDisinfectedReason=Cancelled Md5Hash=44d88612fea8a8f36de82e1278abb02f
EventType=TaskStateChanged EventId=3440 Initiator=Product Date=2020-08-13 08:21:02 DangerLevel=Informational TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d RuntimeTaskId=9 TaskId=100 TaskState=Stopped PrevTaskState=Started TaskType=ODS
EventType=TaskDeleted EventId=3441 Initiator=User UserName=root UserId=0 Date=2020-08-13 08:21:02 DangerLevel=Informational TaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d SCTaskName=Scan_File_945bd5ee-846a-4859-afc9-e255c678de5d TaskId=100 TaskType=ODS
EventType=TaskSettingsChanged EventId=3442 Initiator=User UserName=root UserId=0 Date=2020-08-13 09:06:46 DangerLevel=Informational TaskName=Scan_File SCTaskName=Scan_File RuntimeTaskId=0 TaskId=3 TaskType=ODS ScanArchived=No ScanSfxArchived=No ScanMailBases=No ScanPlainMail=No TimeLimit=0 SizeLimit=0 FirstAction=Recommended SecondAction=Skip UseExcludeMasks=No UseExcludeThreats=No ReportCleanObjects=No ReportPackedObjects=No ReportUnprocessedObjects=No UseAnalyzer=Yes HeuristicLevel=Recommended UseIChecker=Yes ScanPriority=Normal [ScanScope.item_0000] AreaDesc=All objects UseScanArea=Yes Path=/ AreaMask.item_0000=*
EventType=TaskCreated EventId=3443 Initiator=User UserName=root UserId=0 Date=2020-08-13 09:06:46 DangerLevel=Informational TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 TaskId=101 TaskType=ODS ScanArchived=No ScanSfxArchived=No ScanMailBases=No ScanPlainMail=No TimeLimit=0 SizeLimit=0 FirstAction=Skip SecondAction=Skip UseExcludeMasks=No UseExcludeThreats=No ReportCleanObjects=No ReportPackedObjects=No ReportUnprocessedObjects=No UseAnalyzer=Yes HeuristicLevel=Recommended UseIChecker=Yes ScanPriority=Normal [ScanScope.item_0000] AreaDesc= UseScanArea=Yes Path=/media AreaMask.item_0000=*
EventType=TaskStateChanged EventId=3444 Initiator=User UserName=root UserId=0 Date=2020-08-13 09:06:46 DangerLevel=Informational TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 RuntimeTaskId=10 TaskId=101 TaskState=Starting PrevTaskState=Stopped TaskType=ODS
EventType=TaskStateChanged EventId=3445 Initiator=User UserName=root UserId=0 Date=2020-08-13 09:06:46 DangerLevel=Informational TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 RuntimeTaskId=10 TaskId=101 TaskState=Started PrevTaskState=Starting TaskType=ODS
EventType=TaskStateChanged EventId=3446 Initiator=Product Date=2020-08-13 09:15:14 DangerLevel=Informational TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 RuntimeTaskId=10 TaskId=101 TaskState=Stopped PrevTaskState=Started TaskType=ODS
EventType=TaskDeleted EventId=3447 Initiator=User UserName=root UserId=0 Date=2020-08-13 09:15:14 DangerLevel=Informational TaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 SCTaskName=Scan_File_dd3b6279-6e6c-4f48-9f68-77016cdb00e4 TaskId=101 TaskType=ODS
Edited by DieGrille (13.08.2020 at 13:03) |
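Added example (not part of the original post, and not Kaspersky's or the forum's tooling): a small Python parser for the flattened `key=value` event format of the log above, which groups events by on-demand scan task and lists what each scan covered and detected. The parsing rules are assumptions inferred from the posted log, and the sample is a constructed excerpt of its events with some fields omitted.

```python
import re

# Constructed excerpt: events from the posted log in flattened form, some fields omitted.
# Assumed grammar (inferred from the post): an event starts at "EventType=".
LOG = (
    "EventType=TaskCreated EventId=3435 Date=2020-08-13 08:21:02 DangerLevel=Informational "
    "TaskId=100 TaskType=ODS FirstAction=Skip [ScanScope.item_0000] AreaDesc= UseScanArea=Yes "
    "Path=/var/run/desinfect/tests AreaMask.item_0000=* "
    "EventType=ThreatDetected EventId=3438 Date=2020-08-13 08:21:02 DangerLevel=Critical "
    "FileName=/var/run/desinfect/tests/eicar.com TaskId=100 DetectName=EICAR-Test-File TaskType=ODS "
    "EventType=TaskCreated EventId=3443 Date=2020-08-13 09:06:46 DangerLevel=Informational "
    "TaskId=101 TaskType=ODS FirstAction=Skip [ScanScope.item_0000] AreaDesc= UseScanArea=Yes "
    "Path=/media AreaMask.item_0000=* "
    "EventType=TaskStateChanged EventId=3445 Date=2020-08-13 09:06:46 DangerLevel=Informational "
    "TaskId=101 TaskState=Started PrevTaskState=Starting TaskType=ODS "
    "EventType=TaskStateChanged EventId=3446 Date=2020-08-13 09:15:14 DangerLevel=Informational "
    "TaskId=101 TaskState=Stopped PrevTaskState=Started TaskType=ODS "
)

# A value runs until the next " key=" token, a "[section]" header, or the end of the event.
PAIR = re.compile(r"([\w.]+)=(.*?)(?=\s+[\w.]+=|\s+\[|\s*$)", re.S)

def parse_events(text):
    """Split the flattened log on EventType= and return one dict per event."""
    chunks = re.split(r"(?=\bEventType=)", text)
    return [dict(PAIR.findall(c)) for c in chunks if c.startswith("EventType=")]

def summarize_scans(events):
    """Per on-demand scan task (TaskType=ODS): scanned path, run time, detections."""
    scans = {}
    for ev in events:
        if ev.get("TaskType") != "ODS":
            continue
        s = scans.setdefault(ev["TaskId"], {"path": None, "start": None, "stop": None, "hits": []})
        kind = ev["EventType"]
        if kind == "TaskCreated":
            s["path"] = ev.get("Path")
        elif kind == "TaskStateChanged" and ev.get("TaskState") == "Started":
            s["start"] = ev["Date"]
        elif kind == "TaskStateChanged" and ev.get("TaskState") == "Stopped":
            s["stop"] = ev["Date"]
        elif kind == "ThreatDetected":
            s["hits"].append((ev["FileName"], ev["DetectName"]))
    return scans

if __name__ == "__main__":
    for task_id, s in summarize_scans(parse_events(LOG)).items():
        print(task_id, s["path"], s["start"], s["stop"], s["hits"] or "no detections")
```

On the posted events, the only ThreatDetected entry is the EICAR test file under /var/run/desinfect/tests (task 100), while the scan of /media (task 101) ran from 09:06:46 to 09:15:14 without logging a detection event.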
13.08.2020, 16:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky Log Analysis
The log is pretty uninformative. What is the reason for such a scan? Especially with something as unnecessary as desinfect?
__________________ |
14.08.2020, 08:46 | #3 |
| Kaspersky Log Analysis
Precaution, or rather a potential Emotet hit after a large number of Emotet e-mails.
__________________
5 of the current scanners, which boot on an upstream Linux system and search the disk. What is supposed to be better? All of the tools mentioned here (except Farbar) run unprotected on the booted Windows system. Incidentally, neither RogueKiller nor ESET Online Scanner, which I ran for fun, found anything.
Edited by DieGrille (14.08.2020 at 09:12) |
14.08.2020, 13:40 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky Log Analysis
Quote:
Why didn't you read, or rather follow, our notes on analysis?
__________________ Please always post logfiles in CODE tags |
25.08.2020, 12:46 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky Log Analysis
Missing feedback
This thread is being binned due to missing feedback.
__________________ Please always post logfiles in CODE tags |