diff --git a/SEPparser.py b/SEPparser.py
index 20d1936..49f454d 100644
--- a/SEPparser.py
+++ b/SEPparser.py
@@ -1327,18 +1327,30 @@ def main():
 parser.add_argument("-a", "--append", help="append to output files.", action="store_true")
 args = parser.parse_args()
+sep = ['Symantec Endpoint Protection\\CurrentVersion\\Data\\Logs', 'Symantec Endpoint Protection\\Logs']
+filenames = []
+
 if not (args.file or args.dir):
- parser.error('File or directory must be supplied')
+ print('Searching for Symantec logs.')
+ rootDir = '/'
+ for path, subdirs, files in os.walk(rootDir):
+ if any(x in path for x in sep):
+ for name in files:
+ filenames.append(os.path.join(path, name))
+
+ if not filenames:
+ print('No Symantec logs found.')
+ sys.exit()
 if args.file:
 filenames = [args.file]
 if args.dir:
- filenames = []
 root = args.dir
 for path, subdirs, files in os.walk(root):
- for name in files:
- filenames.append(os.path.join(path, name))
+ if any(x in path for x in sep):
+ for name in files:
+ filenames.append(os.path.join(path, name))
 if args.output:
 if not os.path.exists(args.output):
diff --git a/bin/SEPparser.exe b/bin/SEPparser.exe
new file mode 100644
index 0000000..a97ba9b
Binary files /dev/null and b/bin/SEPparser.exe differ
diff --git a/bin/SEPparser_x86.exe b/bin/SEPparser_x86.exe
index cc100e0..83aefd6 100644
Binary files a/bin/SEPparser_x86.exe and b/bin/SEPparser_x86.exe differ
diff --git a/testdata/AVMan.log b/testdata/AVMan.log
index b4bfe7d..b7b8d15 100644
--- a/testdata/AVMan.log
+++ b/testdata/AVMan.log
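Review bot: The new directory filter `if any(x in path for x in sep):`, used in both the auto-search branch and the `args.dir` branch, only matches backslash-separated fragments, so on a non-Windows host walking a mounted image or a copied evidence tree nothing is collected, and the `args.dir` branch then continues with an empty `filenames` because the `if not filenames:` exit exists only inside the auto-search branch. Normalizing the separator first, `if any(x in path.replace('/', '\\') for x in sep):` (the same one-line change in both places), and placing the `if not filenames:` / `print('No Symantec logs found.')` / `sys.exit()` check after the `args.dir` block rather than inside the auto-search branch would cover both paths. `sys.exit()` exits with status 0, so a wrapper script cannot tell "no logs found" from a successful run; `sys.exit(1)` would be the usual choice there. Walking `rootDir = '/'` is a whole-drive scan (on Windows it resolves to the current drive only, and `os.walk` skips unreadable directories silently unless `onerror` is supplied), which the `'Searching for Symantec logs.'` message could state so the user knows why the run is slow and why some directories may be missed. `main()` starts and ends outside this hunk.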
@@ -25,7 +25,7 @@ 00000264 01d36004e05412b7 01d36004bcf22d80 01d36004bcf22d80 00000001 2F0A12001702,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe",0,,0,301 4684 C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE 55 2608 C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe 0 1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A12001702,,,0 000001fe 01d3600db2a94c2f 01d3600da9979000 01d3600da9979000 00000001 2F0A12012420,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe",0,,0,301 5540 C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE 55 1996 C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin64\\snac64.exe 0 1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A12012420,,,0 00000264 01d3600db2a94c2f 01d3600da9979000 01d3600da9979000 00000001 2F0A12012420,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe",0,,0,301 5540 C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE 55 2772 C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe 0 1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A12012420,,,0 -000001fe 01d36209cd215230 01d36209c5678580 01d36209c5678580 00000001 2F0A140E0D2B,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe",0,,0,301 5960 C:\\PROGRAM 
FILES\\WINDOWS DEFENDER\\MSMPENG.EXE 55 2096 C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin64\\snac64.exe 0 1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A140E0D2B,,,0 +000001fe 01d36209cd215230 01d36209c5678580 01d36209c5678580 00000001 2F0A140E0D2B,45,4,14,computer3,SYSTéM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe",0,,0,301 5960 C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE 55 2096 C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin64\\snac64.exe 0 1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A140E0D2B,,,0 00000264 01d36209cd215230 01d36209c5678580 01d36209c5678580 00000001 2F0A140E0D2B,45,4,14,computer3,SYSTEM,,,,,,,0,"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe",0,,0,301 5960 C:\\PROGRAM FILES\\WINDOWS DEFENDER\\MSMPENG.EXE 55 2780 C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\14.0.2415.0200.105\\Bin\\ccSvcHst.exe 0 1,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,2F0A140E0D2B,,,0 00000170 01d362ee84112fe9 01d362ee819a7c00 01d362ee819a7c00 00000001 2F0A15111F04,3,2,0,computer3,SYSTEM,,,,,,,16777216,"Scan started on all drives and all extensions.",1511186980,,0,,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,doma,48:BA:4E:43:E0:CF,14.0.2415.128,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,0,C8F4ED8F87DB4F4FA644C188A21C064A,0,2F0A15111F04,,,2 000001c0 01d362f3059d0c7f 01d362f2fcfe2c80 01d362f2fcfe2c80 00000001 2F0A15120309,2,2,0,computer3,SYSTEM,,,,,,,16777216,"Scan Complete: Risks: 0 Scanned: 764344 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 
43978",1511186980,,0,0:0:764344:0:43978,,,,0,,,,,,,,,,,{3C51E239-BBC2-4A5A-B80B-C3D91745E01E},,,,doma,48:BA:4E:43:E0:CF,14.0.2415.128,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,0,C8F4ED8F87DB4F4FA644C188A21C064A,1925,2F0A15120309,,,2