updated binaries

Beercow · Jun 27, 2019 · 4bb1506 · 4bb1506
1 parent 7dca667
commit 4bb1506
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 5 deletions.
diff --git a/SEPparser.py b/SEPparser.py
@@ -1327,18 +1327,30 @@ def main():
 parser.add_argument("-a", "--append", help="append to output files.", action="store_true")
 args = parser.parse_args()
 
+sep = ['Symantec Endpoint Protection\\CurrentVersion\\Data\\Logs', 'Symantec Endpoint Protection\\Logs']
+filenames = []
+
 if not (args.file or args.dir):
-    parser.error('File or directory must be supplied')
+    print('Searching for Symantec logs.')
+    rootDir = '/' 
+    for path, subdirs, files in os.walk(rootDir):
+        if any(x in path for x in sep):
+            for name in files:
+                filenames.append(os.path.join(path, name))
+
+    if not filenames:
+        print('No Symantec logs found.')
+        sys.exit()
 
 if args.file:
     filenames = [args.file]
 
 if args.dir:
-    filenames = []
     root = args.dir
     for path, subdirs, files in os.walk(root):
-        for name in files:
-            filenames.append(os.path.join(path, name))
+        if any(x in path for x in sep):
+            for name in files:
+                filenames.append(os.path.join(path, name))
 
 if args.output:
     if not os.path.exists(args.output):

diff --git a/bin/SEPparser.exe b/bin/SEPparser.exe
diff --git a/bin/SEPparser_x86.exe b/bin/SEPparser_x86.exe
diff --git a/testdata/AVMan.log b/testdata/AVMan.log
@@ -25,7 +25,7 @@
 00000264	01d36004e05412b7	01d36004bcf22d80	01d36004bcf22d80	00000001	2F0A12001702,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe",0,,0,301	4684	C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE	55	2608	C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe	C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe	0	1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A12001702,,,0
 000001fe	01d3600db2a94c2f	01d3600da9979000	01d3600da9979000	00000001	2F0A12012420,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe",0,,0,301	5540	C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE	55	1996		C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin64\\snac64.exe	0	1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A12012420,,,0
 00000264	01d3600db2a94c2f	01d3600da9979000	01d3600da9979000	00000001	2F0A12012420,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe",0,,0,301	5540	C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE	55	2772	C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe	C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe	0	1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A12012420,,,0
-000001fe	01d36209cd215230	01d36209c5678580	01d36209c5678580	00000001	2F0A140E0D2B,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe",0,,0,301	5960	C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE	55	2096		C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin64\\snac64.exe	0	1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A140E0D2B,,,0
+000001fe	01d36209cd215230	01d36209c5678580	01d36209c5678580	00000001	2F0A140E0D2B,45,4,14,computer3,SYST�M,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe",0,,0,301	5960	C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE	55	2096		C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin64\\snac64.exe	0	1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A140E0D2B,,,0
 00000264	01d36209cd215230	01d36209c5678580	01d36209c5678580	00000001	2F0A140E0D2B,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe",0,,0,301	5960	C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE	55	2780	C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe	C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe	0	1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A140E0D2B,,,0
 00000170	01d362ee84112fe9	01d362ee819a7c00	01d362ee819a7c00	00000001	2F0A15111F04,3,2,0,computer3,SYSTEM,,,,,,,16777216,"Scan started on all drives and all extensions.",1511186980,,0,,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,doma,48:BA:4E:43:E0:CF,14.0.2415.128,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,0,C8F4ED8F87DB4F4FA644C188A21C064A,0,2F0A15111F04,,,2
 000001c0	01d362f3059d0c7f	01d362f2fcfe2c80	01d362f2fcfe2c80	00000001	2F0A15120309,2,2,0,computer3,SYSTEM,,,,,,,16777216,"Scan Complete:  Risks: 0   Scanned: 764344   Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 43978",1511186980,,0,0:0:764344:0:43978,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,doma,48:BA:4E:43:E0:CF,14.0.2415.128,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,0,C8F4ED8F87DB4F4FA644C188A21C064A,1925,2F0A15120309,,,2