Skip to content
AIR Knowledge Base

McAfee Logs

Overview

Section titled “Overview”

Evidence: McAfee Logs
Description: Collect McAfee Logs
Category: Applications
Platform: windows
Short Name: mcafels
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Section titled “Background”

McAfee is an enterprise security suite that includes Endpoint Security, VirusScan, and Host Intrusion Prevention (HIPS). It maintains extensive logs across multiple components for virus detection, system scans, and intrusion prevention activities.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about mcafee logs.

Collection Method

Section titled “Collection Method”

This collector gathers McAfee logs from various product components including Desktop Protection, Endpoint Security, VirusScan, and Host Intrusion Prevention across both legacy and current installations.

Forensic Value

Section titled “Forensic Value”

McAfee logs provide comprehensive security visibility including malware detections, HIPS alerts, scan results, and intrusion attempts. They’re critical for investigating security incidents, understanding threat landscape, and analyzing endpoint protection effectiveness.