Where can I find the location of the client log files for Symantec Endpoint Protection? What are the functions of each of the log files? The information can be used for parsing or other data gathering methods.
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs contain the following log files:
AVMan.log - Antivirus Management plug-in log (contains copies of all antivirus events)
CVE.log Client communication logs (14.2 and up)
CVE-actions.log Client communications actions (14.2 and up)
GUProxy.log - GUP plug-in log (if you have a GUP enabled)