Symantec Logs
Overview
Evidence: Symantec Logs
Description: Collect Symantec Logs
Category: Applications
Platform: windows
Short Name: symntcls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Symantec Endpoint Protection is an enterprise security solution providing antivirus, anti-malware, firewall, and intrusion prevention. It writes extensive logging across several directories: its own AV and client logs, Windows EVTX event logs, quarantine data, and client communication SDK logs.
Data Collected
This collector gathers the raw Symantec log files: AV logs, per-user logs, Windows event logs, quarantine contents, and client communication SDK logs. The files are collected as-is; this evidence type is not parsed and is not sent to the Investigation Hub.
Collection Method
This collector gathers Symantec logs from multiple locations, including the AV log directory, user-specific log directories, the Windows event logs, the quarantine directories, and the client communication SDK log directory, covering both legacy and current installation paths.
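The following is an added example of how such a collection can be performed by hand, written for this page and not the collector's own code. It walks a set of candidate directories, mirrors every file it finds into an evidence folder with timestamps preserved, and records path, size, mtime and SHA-256 in a manifest so the copies can later be tied back to the host. The directory names, the per-user profile layout, the EVTX channel name and the sample files are assumptions based on default Symantec Endpoint Protection installs and should be adjusted to the build under investigation; a file the AV service holds open is recorded with an error instead of aborting the run.

```python
"""Collect Symantec Endpoint Protection log artefacts into a hashed evidence bundle.

Added example, not the collector's own code. Directory names below are assumptions
based on default SEP installs; adjust them to the build you are investigating.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# System-wide log, quarantine and client communication SDK directories,
# relative to the drive root (assumed default SEP locations).
SYSTEM_DIRS = [
    "ProgramData/Symantec/Symantec Endpoint Protection/CurrentVersion/Data/Logs",
    "ProgramData/Symantec/Symantec Endpoint Protection/CurrentVersion/Data/Quarantine",
    "ProgramData/Symantec/Symantec Endpoint Protection/CurrentVersion/Data/CmnClnt",
    # Legacy (pre-Vista profile layout) location, assumed
    "Documents and Settings/All Users/Application Data/Symantec/Symantec Endpoint Protection/Logs",
]
# Per-user log directory, relative to each profile under Users/ (assumed).
USER_DIRS = ["AppData/Local/Symantec/Symantec Endpoint Protection/Logs"]
EVTX_DIR = "Windows/System32/winevt/Logs"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def iter_candidates(drive_root: Path):
    """Yield every file under the candidate directories, plus Symantec EVTX channels."""
    dirs = [drive_root / d for d in SYSTEM_DIRS]
    users = drive_root / "Users"
    if users.is_dir():
        for profile in users.iterdir():
            dirs += [profile / d for d in USER_DIRS]
    for d in dirs:
        if d.is_dir():
            yield from (p for p in d.rglob("*") if p.is_file())
    evtx = drive_root / EVTX_DIR
    if evtx.is_dir():
        # Only event-log channels whose name contains "Symantec" are taken.
        yield from (p for p in evtx.glob("*.evtx") if "symantec" in p.name.lower())


def collect(drive_root: Path, dest: Path) -> list:
    """Copy each candidate into dest, mirroring its path, and return a manifest.

    A file the AV service holds open is recorded with an error, not skipped silently.
    """
    manifest = []
    for src in sorted(iter_candidates(drive_root)):
        rel = src.relative_to(drive_root).as_posix()
        st = src.stat()
        entry = {"path": rel, "size": st.st_size, "mtime": st.st_mtime}
        try:
            out = dest / rel
            out.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, out)  # copy2 keeps the original timestamps
            entry["sha256"] = sha256_file(out)
        except OSError as e:
            entry["error"] = str(e)
        manifest.append(entry)
    return manifest


# Constructed sample tree: two files that must NOT be collected are included on purpose.
CONSTRUCTED = {
    "ProgramData/Symantec/Symantec Endpoint Protection/CurrentVersion/Data/Logs/AV/01012024.Log": b"constructed AV log line\n",
    "ProgramData/Symantec/Symantec Endpoint Protection/CurrentVersion/Data/Quarantine/ABCD1234.VBN": b"constructed quarantine container\n",
    "Users/alice/AppData/Local/Symantec/Symantec Endpoint Protection/Logs/seclog.log": b"constructed user log\n",
    "Windows/System32/winevt/Logs/Symantec Endpoint Protection Client.evtx": b"constructed evtx\n",
    "Windows/System32/winevt/Logs/System.evtx": b"unrelated channel, must not be collected\n",
    "ProgramData/Other/app.log": b"unrelated application log\n",
}


def build_sample_tree(root: Path) -> None:
    for rel, data in CONSTRUCTED.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> list:
    """Build the constructed tree in a temp dir, collect from it, return the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        drive, dest = Path(tmp) / "C", Path(tmp) / "evidence"
        build_sample_tree(drive)
        return collect(drive, dest)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Run it against a mounted image by passing the image's drive root and an output directory to `collect()`; on a live host the AV service typically keeps the current log files open, so expect `error` entries in the manifest for those and use a raw-disk or VSS-based copy to retrieve them.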
Forensic Value
Symantec logs provide comprehensive security visibility, including virus detections, quarantined files, intrusion prevention alerts, and client-server communications. They are critical for enterprise security investigations and for understanding how a threat spread across endpoints.