Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
VirusScan Enterprise 8.5.0i Log Files
This section provides a tutorial example on how to find log files generated by VirusScan Enterprise 8.5.0i, and how to read log file records.
With 3 background services running, McAfee VirusScan Enterprise 8.5.0i is constantly working to protect the local Windows system. To see whether there have been any virus-related issues, you need to look at McAfee's log files.
Go to the folder C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection. You should see 4 log files:
1. AccessProtectionLog.txt - Recording events captured by the Access Protection Scanner feature. Example of log records:
...
<date time> Blocked by Access Protection rule - NT AUTHORITY\SYSTEM - C:\WINDOWS\system32\services.exe - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe - Common Standard Protection: Prevent termination of McAfee processes - Action blocked : Terminate
...
<date time> Would be blocked by Access Protection rule (rule is currently not enforced) - herong - C:\WINDOWS\Explorer.EXE - C:\temp\dotnetshow30_300k.exe - Common Standard Protection: Prevent common programs from running files from the Temp folder - Action blocked : Execute
The first example record tells us that McAfee does not allow anyone to terminate the McAfee process VsTskMgr.exe. The second example record is more interesting. It tells us that McAfee has a setting that blocks programs from being executed from temporary folders, but this setting is not turned on. I need to find out how to turn on this setting.
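The record layout shown above is regular enough to parse: an event type, then the user, the process, the target file, the rule name and the blocked action, separated by " - ". The following script is an added example (not from the tutorial and not McAfee's own tooling) that reads AccessProtectionLog.txt into structured records and lists the rules that fired only in "would be blocked" mode, which is the quickest way to find settings that are logging but not enforcing. The timestamp layout and the sample records embedded in it are constructed, since the tutorial only shows <date time> placeholders.

```python
"""Parse McAfee VirusScan Enterprise 8.5.0i AccessProtectionLog.txt records.

Added example, not part of the tutorial or of McAfee's product. The field
order follows the two records shown in the tutorial:
  <date time> <event> - <user> - <process> - <target> - <rule> - Action blocked : <action>
The timestamp format and the sample records below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List

# Default location named in the tutorial (Windows XP / 2003 style profile path).
DEFAULT_LOG_PATH = (
    r"C:\Documents and Settings\All Users\Application Data"
    r"\McAfee\DesktopProtection\AccessProtectionLog.txt"
)

# Constructed sample modelled on the tutorial's two records.
# The "M/D/YYYY h:mm:ss AM" timestamp layout is an assumption, not taken from the page.
SAMPLE_LOG = (
    "1/15/2014 9:01:12 AM Blocked by Access Protection rule - NT AUTHORITY\\SYSTEM"
    " - C:\\WINDOWS\\system32\\services.exe"
    " - C:\\Program Files\\McAfee\\VirusScan Enterprise\\VsTskMgr.exe"
    " - Common Standard Protection: Prevent termination of McAfee processes"
    " - Action blocked : Terminate\n"
    "1/15/2014 9:05:44 AM Would be blocked by Access Protection rule"
    " (rule is currently not enforced) - herong - C:\\WINDOWS\\Explorer.EXE"
    " - C:\\temp\\dotnetshow30_300k.exe"
    " - Common Standard Protection: Prevent common programs from running files from the Temp folder"
    " - Action blocked : Execute\n"
)

NOT_ENFORCED = "Would be blocked by Access Protection rule (rule is currently not enforced)"
ENFORCED = "Blocked by Access Protection rule"

RECORD_RE = re.compile(
    r"^(?P<stamp>.+?\s[AP]M)\s"                       # assumed timestamp layout
    rf"(?P<event>{re.escape(ENFORCED)}|{re.escape(NOT_ENFORCED)})"
    r" - (?P<user>.+?) - (?P<process>.+?) - (?P<target>.+?) - (?P<rule>.+?)"
    r" - Action blocked : (?P<action>\w+)$"
)


@dataclass
class AccessEvent:
    stamp: str
    enforced: bool     # True for "Blocked", False for "Would be blocked"
    user: str
    process: str
    target: str
    rule: str
    action: str


def parse_access_log(text: str) -> List[AccessEvent]:
    """Return one AccessEvent per well-formed record; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # separators, headers, or lines in a layout we do not know
        events.append(AccessEvent(
            stamp=m["stamp"],
            enforced=(m["event"] == ENFORCED),
            user=m["user"], process=m["process"], target=m["target"],
            rule=m["rule"], action=m["action"],
        ))
    return events


def unenforced_rules(events: List[AccessEvent]) -> List[str]:
    """Rules that only ever appear in audit ("would be blocked") mode."""
    blocked = {e.rule for e in events if e.enforced}
    audit_only = {e.rule for e in events if not e.enforced} - blocked
    return sorted(audit_only)


def load_access_log(path: str = DEFAULT_LOG_PATH) -> List[AccessEvent]:
    """Read the real log file; unknown bytes are replaced rather than aborting."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_access_log(fh.read())


if __name__ == "__main__":
    for ev in parse_access_log(SAMPLE_LOG):
        mode = "BLOCKED " if ev.enforced else "AUDIT   "
        print(f"{mode} {ev.action:<10} {ev.process} -> {ev.target}")
    for rule in unenforced_rules(parse_access_log(SAMPLE_LOG)):
        print("rule logged but not enforced:", rule)
```

Run it against the real file with load_access_log() on a machine that has this product installed; any rule reported by unenforced_rules is one whose "Block" option is off in the Access Protection policy while "Report" is on.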
2. BufferOverflowProtectionLog.txt - Recording events captured by the Buffer Overflow Scanner feature. This log file is empty on my system, so I have no example records to show you.
3. EmailOnDeliveryLog.txt - Recording events captured by the email on-access scanner. This log file seems to be in binary format, but I can still pull some example records out of it:
<date time> On-Delivery E-mail Scan Started
<date time> Engine version =5300.2777
<date time> AntiVirus DAT version =5424.0000
<date time> Number of detection signatures in EXTRA.DAT =None
<date time> Names of detection signatures in EXTRA.DAT =None
...
Number of attachments scanned: 28
Number of attachments detected: 0
Number of attachments cleaned: 0
Number of attachments deleted: 0
Number of attachments moved: 0
Number of messages deleted: 0
...
4. OnAccessScanLog.txt - Recording events captured by the mcshield on-access scanner. Example of log records:
...
<date time> Engine version =5300.2777
<date time> AntiVirus DAT version =5388.0000
<date time> Number of detection signatures in EXTRA.DAT =None
<date time> Names of detection signatures in EXTRA.DAT =None
...
<date time> Statistics:
<date time> Files scanned: 25161
<date time> Files detected: 0
<date time> Files cleaned: 0
<date time> Files deleted: 0
...
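Both the e-mail log and the on-access log carry the same two kinds of information worth checking on a regular basis: the engine and DAT versions the scanner was running with, and the "scanned / detected / cleaned / deleted" counters. The script below is an added example (not from the tutorial and not McAfee's code) that extracts both from the excerpts shown above and reports two things a defender cares about: any non-zero detection count, and a scanner whose DAT build is older than the newest DAT seen across the logs (in the excerpts above, the on-access log shows DAT 5388 while the e-mail log shows 5424). The sample text is constructed from the tutorial's records, with an assumed timestamp layout in place of <date time>.

```python
"""Summarize McAfee VirusScan Enterprise 8.5.0i scanner logs.

Added example, not part of the tutorial or of McAfee's product. It reads the
"Engine version =" / "AntiVirus DAT version =" lines and the per-scan counters
found in OnAccessScanLog.txt and EmailOnDeliveryLog.txt. Sample text is
constructed from the tutorial's excerpts; timestamps are an assumed layout.
"""
import re
from typing import Dict, List, Optional

# Constructed excerpt modelled on the tutorial's OnAccessScanLog.txt records.
ON_ACCESS_SAMPLE = """\
1/15/2014 9:00:00 AM Engine version =5300.2777
1/15/2014 9:00:00 AM AntiVirus DAT version =5388.0000
1/15/2014 9:00:00 AM Number of detection signatures in EXTRA.DAT =None
1/15/2014 9:00:00 AM Names of detection signatures in EXTRA.DAT =None
1/15/2014 5:00:00 PM Statistics:
1/15/2014 5:00:00 PM Files scanned: 25161
1/15/2014 5:00:00 PM Files detected: 0
1/15/2014 5:00:00 PM Files cleaned: 0
1/15/2014 5:00:00 PM Files deleted: 0
"""

# Constructed excerpt modelled on the tutorial's EmailOnDeliveryLog.txt records.
EMAIL_SAMPLE = """\
1/15/2014 9:00:00 AM On-Delivery E-mail Scan Started
1/15/2014 9:00:00 AM Engine version =5300.2777
1/15/2014 9:00:00 AM AntiVirus DAT version =5424.0000
Number of attachments scanned: 28
Number of attachments detected: 0
Number of attachments cleaned: 0
Number of attachments deleted: 0
Number of attachments moved: 0
Number of messages deleted: 0
"""

VERSION_RE = re.compile(r"(?P<key>Engine version|AntiVirus DAT version)\s*=\s*(?P<value>\S+)")
# Matches "Files scanned: N" as well as "Number of attachments detected: N" etc.
STAT_RE = re.compile(
    r"(?P<key>(?:Files|Number of \w+) (?:scanned|detected|cleaned|deleted|moved)):\s*(?P<value>\d+)"
)


def parse_scan_log(text: str) -> Dict[str, object]:
    """Return {'engine': str|None, 'dat': str|None, 'stats': {counter: int}}.

    If a log contains several scan sessions, the last version lines and the
    last value of each counter win, which is what a daily review wants.
    """
    summary: Dict[str, object] = {"engine": None, "dat": None, "stats": {}}
    for line in text.splitlines():
        m = VERSION_RE.search(line)
        if m:
            summary["engine" if m["key"].startswith("Engine") else "dat"] = m["value"]
            continue
        m = STAT_RE.search(line)
        if m:
            summary["stats"][m["key"]] = int(m["value"])  # type: ignore[index]
    return summary


def dat_build(version: Optional[str]) -> Optional[int]:
    """'5388.0000' -> 5388. DAT numbers increase with each signature release."""
    if version is None:
        return None
    return int(version.split(".")[0])


def detections(summary: Dict[str, object]) -> int:
    """Sum of every '... detected' counter in a parsed log."""
    stats: Dict[str, int] = summary["stats"]  # type: ignore[assignment]
    return sum(v for k, v in stats.items() if k.endswith("detected"))


def review(logs: Dict[str, str]) -> List[str]:
    """Findings across several logs: detections, and DATs older than the newest seen."""
    summaries = {name: parse_scan_log(text) for name, text in logs.items()}
    builds = {n: dat_build(s["dat"]) for n, s in summaries.items() if s["dat"]}
    newest = max(builds.values()) if builds else None
    findings = []
    for name, s in summaries.items():
        if detections(s) > 0:
            findings.append(f"{name}: {detections(s)} detection(s) recorded")
        build = builds.get(name)
        if newest is not None and build is not None and build < newest:
            findings.append(f"{name}: DAT {build} is behind newest seen DAT {newest}")
    return findings


if __name__ == "__main__":
    for finding in review({"OnAccessScanLog.txt": ON_ACCESS_SAMPLE,
                           "EmailOnDeliveryLog.txt": EMAIL_SAMPLE}):
        print(finding)
```

To use it on a real machine, read each file from the DesktopProtection folder named earlier into the dictionary passed to review(); a DAT that lags the others usually means one scanner was last run before the most recent update, and any "detected" count above zero is the cue to open that log and read the records around it.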