Symantec Logs
Overview
Evidence: Symantec Logs
Description: Collect Symantec Logs
Category: Applications
Platform: windows
Short Name: symntcls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Symantec Endpoint Protection (SEP) is an enterprise endpoint security product providing antivirus, anti-malware, firewall, and intrusion prevention. The client writes its own text logs, a dedicated Windows EVTX event log, quarantine data, and client communication SDK logs across several directories, and the layout differs between legacy and current installations.
Data Collected
This collector copies the raw Symantec log, event log, quarantine, and SDK files from the locations listed under Collection Method. It does not parse them (Is Parsed: No), so the collected files must be reviewed with external tooling.
Collection Method
This collector gathers Symantec logs from multiple locations, including the client AV logs, per-user logs, the Symantec Windows event log, quarantine directories, and client communication SDK logs, covering both legacy and current installation paths so that hosts upgraded in place are not missed.
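The following PowerShell script is an added example of a manual triage collection along the same lines as this collector; it is not the collector's own code. The directory paths (the CurrentVersion\Data tree, the per-user LocalAppData Logs folder, the ccSubSDK folder, the legacy ProgramData Logs folder) and the EVTX channel name are assumptions based on common SEP 12.x/14.x installs, so any path missing on the host is skipped rather than treated as an error. Each copied file is recorded in a manifest with its original path, timestamps and SHA-256 so the copy can be tied back to the source system.

```powershell
# Added example: triage copy of Symantec Endpoint Protection log artifacts.
# Paths and the EVTX channel name below are assumptions about common SEP
# layouts, not values taken from the collector itself.
param(
    [string]$Destination = (Join-Path $env:SystemDrive 'IR\symntcls')
)

$sepData = Join-Path $env:ProgramData 'Symantec\Symantec Endpoint Protection\CurrentVersion\Data'

# Label => source directory. Directories are copied recursively.
$targets = [ordered]@{
    'AV'         = Join-Path $sepData 'Logs'              # AV, firewall, IPS and system .log files (assumed)
    'Quarantine' = Join-Path $sepData 'Quarantine'        # quarantine containers (assumed)
    'ccSubSDK'   = Join-Path $sepData 'CmnClnt\ccSubSDK'  # client communication SDK data (assumed)
    'Legacy'     = Join-Path $env:ProgramData 'Symantec\Symantec Endpoint Protection\Logs'  # pre-12.x layout (assumed)
}

# Per-user logs live under each profile's LocalAppData (assumed path).
Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $userLogs = Join-Path $_.FullName 'AppData\Local\Symantec\Symantec Endpoint Protection\Logs'
        if (Test-Path -LiteralPath $userLogs) { $targets["User_$($_.Name)"] = $userLogs }
    }

New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$manifest = New-Object 'System.Collections.Generic.List[object]'

function Add-ToManifest {
    param([string]$Label, [System.IO.FileInfo]$File)
    # Hashing can fail on a file the client holds exclusively; record that instead of aborting.
    try   { $hash = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash }
    catch { $hash = 'UNREADABLE' }
    $manifest.Add([pscustomobject]@{
        Label       = $Label
        SourcePath  = $File.FullName
        SizeBytes   = $File.Length
        CreatedUtc  = $File.CreationTimeUtc.ToString('o')
        ModifiedUtc = $File.LastWriteTimeUtc.ToString('o')
        Sha256      = $hash
    })
}

foreach ($entry in $targets.GetEnumerator()) {
    $src = $entry.Value
    if (-not (Test-Path -LiteralPath $src)) { continue }   # layout not present on this host
    $dst = Join-Path $Destination $entry.Key
    New-Item -ItemType Directory -Path $dst -Force | Out-Null

    Get-ChildItem -LiteralPath $src -File -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        # Preserve the source directory layout under the destination label.
        $rel = $_.FullName.Substring($src.TrimEnd('\').Length).TrimStart('\')
        $out = Join-Path $dst $rel
        New-Item -ItemType Directory -Path (Split-Path $out -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $_.FullName -Destination $out -Force -ErrorAction SilentlyContinue
        Add-ToManifest -Label $entry.Key -File $_
    }
}

# The live EVTX is held open by the Event Log service, so export the channel
# with wevtutil rather than copying the file out of winevt\Logs.
$evtxOut = Join-Path $Destination 'Symantec Endpoint Protection Client.evtx'
& wevtutil.exe epl 'Symantec Endpoint Protection Client' $evtxOut 2>$null
if (Test-Path -LiteralPath $evtxOut) {
    Add-ToManifest -Label 'EVTX' -File (Get-Item -LiteralPath $evtxOut)
}

$manifest | Export-Csv -LiteralPath (Join-Path $Destination 'manifest.csv') -NoTypeInformation -Encoding UTF8
Write-Host ("Collected {0} files into {1}" -f $manifest.Count, $Destination)
```

Run it from an elevated prompt, since ProgramData, other users' profiles and the event log channel are not readable otherwise. Copy-Item keeps the last-write time but not the creation time of each file, which is why the manifest records both before anything is moved.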
Forensic Value
Symantec logs give broad security visibility into a host: virus and malware detections, quarantined files, intrusion prevention alerts, and client-to-management-server communications. They are critical for enterprise security investigations, both for establishing what the endpoint agent saw and blocked on a single host and for understanding how a threat spread across endpoints.