Symantec Endpoint Protection Logs
The Symantec Management Client (smc) does not display the full contents of a log. smc.exe has an -exportlog command-line switch that lets you select a log type to export. The log_type numbers, and the log files they correspond to, are as follows:
- 0 = System Log (syslog.log)
- 1 = Security Log (seclog.log)
- 2 = Traffic Log (tralog.log)
- 3 = Packet Log (rawlog.log)
- 4 = Control Log (processlog.log)
Log File Structure
- Client Management System Log
- Client Management Security Log
- Network and Host Exploit Mitigation Traffic Log
- Network and Host Exploit Mitigation Packet Log
- Client Management Control Log
Symantec Endpoint Protection VBN Files
The folder structure determines what a .vbn file contains. SEP quarantine files are located in C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Quarantine. Inside the quarantine folder, each .vbn file is accompanied by a folder with the same name as the .vbn file.
- Symantec Endpoint Protection VBN Files
- VBN file format v1 (containing quarantine file)
- VBN file format v2 (containing quarantine file)
- VBN log line information
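The following collection script is an added example, not code from the original post or from Symantec: it exports the five log types listed above with smc.exe -exportlog and copies the quarantine folder so each .vbn file stays paired with its same-named directory, then writes a SHA-256 manifest of everything collected. The smc.exe install path and the "0 -1" start/end index arguments (assumed to mean "all records") are assumptions; check them against your SEP version's documentation.

```powershell
# Added example: collect SEP client logs and quarantine artifacts for offline review.
# Run from an elevated PowerShell session (the log export and ProgramData copy need admin rights).
param(
    # Assumed default install location; adjust for your SEP version.
    [string]$SmcPath = 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe',
    # Quarantine location as given in the post above.
    [string]$QuarantinePath = 'C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Quarantine',
    [string]$OutDir = "$env:TEMP\sep-collect-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
)

# log_type number -> friendly name and the on-disk log file it corresponds to (from the post).
$LogTypes = @{
    0 = @{ Name = 'System';   File = 'syslog.log' }
    1 = @{ Name = 'Security'; File = 'seclog.log' }
    2 = @{ Name = 'Traffic';  File = 'tralog.log' }
    3 = @{ Name = 'Packet';   File = 'rawlog.log' }
    4 = @{ Name = 'Control';  File = 'processlog.log' }
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

if (-not (Test-Path $SmcPath)) { throw "smc.exe not found at $SmcPath" }

foreach ($type in 0..4) {
    $log  = $LogTypes[$type]
    $dest = Join-Path $OutDir ('{0}-{1}.txt' -f $type, $log.Name)
    # Assumption: "<log_type> 0 -1 <file>" exports every record of that log type.
    Start-Process -FilePath $SmcPath -ArgumentList "-exportlog $type 0 -1 `"$dest`"" -Wait -NoNewWindow
    if (-not (Test-Path $dest)) {
        Write-Warning "No export produced for log type $type ($($log.File))"
    }
}

# Copy the quarantine tree whole: the .vbn file and its same-named folder must stay together,
# since (as the post notes) the folder structure determines what the .vbn contains.
if (Test-Path $QuarantinePath) {
    Copy-Item -Path $QuarantinePath -Destination (Join-Path $OutDir 'Quarantine') -Recurse -Force
} else {
    Write-Warning "Quarantine folder not found at $QuarantinePath"
}

# Hash everything collected so the evidence set can be verified later.
$hashes = Get-ChildItem -Path $OutDir -Recurse -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
Write-Host "Collected $($hashes.Count) files into $OutDir"
```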