dissect.target icon indicating copy to clipboard operation
dissect.target copied to clipboard
verified publisher icon fox-it

McAfee Endpoint Security ATP parser

Open respondersGY opened this issue 4 months ago • 0 comments

Extend the McAfee plugin with a function that parses the JSON files at the path sysvol/ProgramData/McAfee/Endpoint Security/ATP.

Please note that these JSON files also contain unnecessary data related to the operation of the software.

References

  • Relates to https://github.com/fox-it/acquire/pull/260
  • https://thrive.trellix.com/s/article/KB90859?language=en_US
  • https://docs.trellix.com/bundle/endpoint-security-10.7.x-product-guide-windows/page/UUID-1f7b6c60-5822-b7ab-3ff5-c6c293f3a6ae.html

respondersGY avatar Aug 12 '25 11:08 respondersGY