ccSubSDK
Symantec Endpoint Protection clients automatically submit pseudonymous information about detections, network, and configuration to Symantec Security Response. Symantec uses this pseudonymous information to address new and changing threats as well as to improve product performance. Pseudonymous data is not directly identified with a particular user. The detection information that clients send includes information about antivirus detections, intrusion prevention, SONAR, and file reputation detections.
submissions.idx
submissions.idx can be found in the following location: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\ccSubSDK\submissions.idx
Header
| Offset | Length | Field | Description |
|---|---|---|---|
| 0 | 4 | Header | Always 0x3216144C |
| 4 | 4 | Unknown | Will require further investigation as to the purpose of this entry. |
| 8 | 4 | Size | Size of submissions.idx |
| 12 | 4 | Unknown | Will require further investigation as to the purpose of this entry. |
| 16 | 4 | Unknown | Will require further investigation as to the purpose of this entry. |
| 20 | 8 | Unknown | Will require further investigation as to the purpose of this entry. |
| 28 | 20 | Unknown | Will require further investigation as to the purpose of this entry. |
Index
Continues to end of file.
| Offset | Length | Field | Description | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 4 | Header | Always 0x4099C689 | |||||||||||||||||||||||||||||||||
| 4 | 4 | Unknown | Will require further investigation as to the purpose of this entry. | |||||||||||||||||||||||||||||||||
| 8 | 8 | Start of Index | Offset to begining of Index | |||||||||||||||||||||||||||||||||
| 16 | 8 | Start of Last Index | Offset to begining of previous Index | |||||||||||||||||||||||||||||||||
| 24 | 4 | Lenght 1 | Total size of Data including Blowfish Key | |||||||||||||||||||||||||||||||||
| 28 | 4 | Lenght 2 | Actual size of Data including Blowfish Key *If length is 0, record is deleted. |
|||||||||||||||||||||||||||||||||
| 32 | 8 | Unknown | Will require further investigation as to the purpose of this entry. | |||||||||||||||||||||||||||||||||
| 40 | 16 | Blowfish Key | Symmetric-key for Blowfish | |||||||||||||||||||||||||||||||||
| 56 | Length 1 - 16 | Data | Data appears to be in ASN.1 format. It is comprised of a series of tags.
|
{GUID} Files
{GUID} files can be found in the following location: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\ccSubSDK\{GUID}
| Offset | Length | Field | Description | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 16 | GUID | GUID of dll responsible for submission. | |||||||||||||||||||||||||||||||||
| 16 | 16 | Blowfish Key | Symmetric-key for Blowfish | |||||||||||||||||||||||||||||||||
| 32 | varies | Data | Data appears to be in ASN.1 format. It is comprised of a series of tags.
|
No comments:
Post a Comment