
Anti-virus!

This section covers the log locations for various anti-virus products.

While it mostly sticks to the theme of logs, it may also cover other artefacts and quarantine locations as they are identified.

There are not many articles describing the logging available from each vendor, so references are included where they exist. Some of the data collected here depends on what people have seen in investigations and on what they have researched and identified as important. It should not be considered exhaustive.

Other things to consider when working with AV logs:

  • Sometimes it is easier to export the logs from the management console, although this is not always possible.
  • Sometimes logs are forwarded to the vendor's cloud, and exporting from there will be easier than collecting from each endpoint.
  • There may be more data available for analysis than the interface leads you to believe, so check the on-disk logs and databases rather than relying on what the UI exposes.