# Webroot Logs

## Overview

**Evidence:** Webroot Logs\
**Description:** Collect Webroot Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** wbrtls\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Webroot SecureAnywhere is a cloud-based antivirus solution that maintains a local log file (WRLog.log) and database files containing threat intelligence, scan results, and cloud-based analysis data.

## Data Collected

This collector gathers structured data about webroot logs.

## Collection Method

This collector gathers Webroot's main log file and associated database files from the WRData directory in ProgramData, which contain local security event data.

## Forensic Value

Webroot logs provide insights into cloud-based threat detections, behavioral analysis, and security events. The database files contain threat classification and system monitoring data valuable for investigations.