mcafee.msc

$ target-query <path/to/target> -f mcafee.msc
Details

Module: dissect.target.plugins.apps.av.mcafee.McAfeePlugin

Output: records

Module documentation

McAfee antivirus plugin.

Function documentation

Return msc log history records from McAfee.

Yields McAfeeMscLogRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): Timestamp.
ip (net.ipaddress): IP of suspicious connection (if available).
tcp_port (net.tcp.Port): TCP Port of suspicious incoming connection (if available).
udp_port (net.udp.Port): UDP Port of suspicious incoming connection (if available).
threat (string): Description of the detected threat (if available).
message (string): Message as reported in the user interface (might include template slots).
keywords (string): Unparsed fields that might be visible in user interface.
fkey (string): Foreign key for reference in further investigation.
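
A triage helper for these records, added here as an example and not part of the dissect project's code: it groups McAfeeMscLogRecord entries by remote IP and tolerates the fields documented as "if available". The helper names, the sample records and the target.mcafee.msc() attribute access (assumed Python equivalent of -f mcafee.msc) are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone
from types import SimpleNamespace


def load_msc_records(target_path):
    """Yield McAfeeMscLogRecord objects from a target via dissect.target."""
    from dissect.target import Target  # lazy import: only needed for real targets

    # Assumption: attribute form of `target-query -f mcafee.msc`.
    yield from Target.open(target_path).mcafee.msc()


def summarize_by_ip(records):
    """Group records by remote IP; records without an IP are keyed under None."""
    summary = defaultdict(lambda: {"count": 0, "tcp_ports": set(), "udp_ports": set(),
                                   "threats": set(), "fkeys": set(),
                                   "first_seen": None, "last_seen": None})
    for rec in records:
        entry = summary[str(rec.ip) if rec.ip is not None else None]
        entry["count"] += 1
        # ip, ports and threat are documented as "if available", so guard each one.
        if rec.tcp_port is not None:
            entry["tcp_ports"].add(rec.tcp_port)
        if rec.udp_port is not None:
            entry["udp_ports"].add(rec.udp_port)
        if rec.threat:
            entry["threats"].add(rec.threat)
        if rec.fkey:
            entry["fkeys"].add(rec.fkey)  # kept for follow-up lookups
        if rec.ts is not None:
            entry["first_seen"] = min(filter(None, (entry["first_seen"], rec.ts)))
            entry["last_seen"] = max(filter(None, (entry["last_seen"], rec.ts)))
    return dict(summary)


def _rec(ts, ip=None, tcp=None, udp=None, threat=None, fkey=None):
    # Constructed stand-in for a McAfeeMscLogRecord (sample data, not real log output).
    return SimpleNamespace(ts=ts, ip=ip, tcp_port=tcp, udp_port=udp, threat=threat,
                           message="", keywords="", fkey=fkey)


SAMPLE = [
    _rec(datetime(2024, 1, 5, 10, 0, tzinfo=timezone.utc), "203.0.113.7", tcp=3389, fkey="a1"),
    _rec(datetime(2024, 1, 5, 10, 2, tzinfo=timezone.utc), "203.0.113.7", tcp=445, fkey="a2"),
    _rec(datetime(2024, 1, 5, 9, 30, tzinfo=timezone.utc), "198.51.100.20", udp=53, fkey="b1"),
    _rec(datetime(2024, 1, 6, 8, 0, tzinfo=timezone.utc), threat="Constructed-Threat", fkey="c1"),
]
```

On a real target, pass load_msc_records(path) to summarize_by_ip() in place of SAMPLE.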