VirusScan Enterprise 8.5.0i Log Files

This section provides a tutorial example on how to find log files generated by VirusScan Enterprise 8.5.0i, and how to read log file records.

With 3 background services running, McAfee VirusScan Enterprise 8.5.0i is constantly doing its job to protect the local Windows system. To see if there are any virus related issues, you need to look at McAfee's log files.

Go to the folder, C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection. You should see 4 log files:

1. AccessProtectionLog.txt - Recording events captured by the Access Protection Scanner feature. Example of log records:

...
<date time> Blocked by Access Protection rule - NT AUTHORITY\SYSTEM -
 C:\WINDOWS\system32\services.exe - 
 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -
 Common Standard Protection: Prevent termination of McAfee processes -
 Action blocked : Terminate
...

<date time> Would be blocked by Access Protection rule 
 (rule is currently not enforced) - herong - C:\WINDOWS\Explorer.EXE -
 C:\temp\dotnetshow30_300k.exe - 
 Common Standard Protection: Prevent common programs from running 
 files from the Temp folder - Action blocked : Execute

The first example record tells us that McAfee does not allow anyone to terminate the McAfee process VsTskMgr.exe. The second example record is more interesting. It tells us that McAfee has a rule to prevent common programs from running files from the Temp folder, but the rule is currently not enforced, so the event was only logged and not blocked. I need to find out how to turn on this setting.

2. BufferOverflowProtectionLog.txt - Recording events captured by the Buffer Overflow Scanner feature. This log file is empty on my system. I have no example records to show you.

3. EmailOnDeliveryLog.txt - Recording events captured by email on-access scanner. This log file seems to be in binary format. But I can still take some example records out of it:

<date time> On-Delivery E-mail Scan Started
<date time> Engine version =5300.2777
<date time> AntiVirus DAT version =5424.0000
<date time> Number of detection signatures in EXTRA.DAT =None
<date time> Names of detection signatures in EXTRA.DAT =None
...
Number of attachments scanned: 28
Number of attachments detected: 0
Number of attachments cleaned: 0
Number of attachments deleted: 0
Number of attachments moved: 0
Number of messages deleted: 0
...

4. OnAccessScanLog.txt - Recording events captured by mcshield on-access scanner. Example of log records:

...
<date time> Engine version  =5300.2777
<date time> AntiVirus DAT version =5388.0000
<date time> Number of detection signatures in EXTRA.DAT =None
<date time> Names of detection signatures in EXTRA.DAT =None
...
<date time> Statistics:
<date time> Files scanned: 25161
<date time> Files detected: 0
<date time> Files cleaned: 0
<date time> Files deleted: 0
...
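
The two AccessProtectionLog.txt records shown earlier differ in one important way: one was actually blocked, the other was only logged because its rule is not enforced. The following added example (not part of the original tutorial and not McAfee code) parses such records and lists the rules that are firing in report-only mode. The timestamps are constructed, and the " - " field separator and line wrapping are assumed to match the listing on this page.

```python
import re
from collections import Counter

# Constructed sample: the two records from this page, with made-up timestamps
# in place of <date time>. The " - " separator and the wrapped lines follow
# the page's listing and are assumptions about the on-disk layout.
SAMPLE_LOG = r"""
3/15/2009 10:21:07 AM Blocked by Access Protection rule - NT AUTHORITY\SYSTEM -
 C:\WINDOWS\system32\services.exe -
 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -
 Common Standard Protection: Prevent termination of McAfee processes -
 Action blocked : Terminate
...
3/15/2009 10:25:42 AM Would be blocked by Access Protection rule
 (rule is currently not enforced) - herong - C:\WINDOWS\Explorer.EXE -
 C:\temp\dotnetshow30_300k.exe -
 Common Standard Protection: Prevent common programs from running
 files from the Temp folder - Action blocked : Execute
"""

START = re.compile(r"^(.*?)\s*\b(Would be blocked|Blocked) by Access Protection rule")
FIELDS = ("user", "process", "target", "rule", "action")

def parse_access_protection(text):
    """Rejoin wrapped lines into records and split each into named fields."""
    chunks = []
    for line in text.splitlines():
        if START.match(line):
            chunks.append([line])            # a new record begins here
        elif chunks and line.strip() not in ("", "..."):
            chunks[-1].append(line)          # continuation of the current record
    records = []
    for chunk in chunks:
        flat = " ".join(" ".join(chunk).split())
        head, *rest = flat.split(" - ")
        if len(rest) != len(FIELDS):
            continue                         # unexpected layout: skip, do not guess
        ts, status = START.match(head).groups()
        rec = dict(zip(FIELDS, rest), timestamp=ts)
        rec["enforced"] = status.lower() == "blocked"
        rec["action"] = rec["action"].split(":", 1)[-1].strip()
        records.append(rec)
    return records

def report_only_rules(records):
    """Count hits per rule that logged a match but did not block it."""
    return Counter(r["rule"] for r in records if not r["enforced"])
```

Rules returned by report_only_rules() are the ones to review first: each hit is an action that the rule matched but that was allowed to proceed.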
