
Commit

Renamed WindowsEnvironmentVariableAllUsersAppData and clean up #324
joachimmetz committed Mar 20, 2022
1 parent 907053c commit 62b557a
Showing 3 changed files with 37 additions and 17 deletions.
35 changes: 24 additions & 11 deletions data/antivirus.yaml
Expand Up @@ -19,8 +19,10 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Microsoft\Microsoft Antimalware\Quarantine\**'
- '%%environ_allusersappdata%%\Microsoft\Windows Defender\Quarantine\**'
- '%%environ_allusersprofile%%\Application Data\Microsoft\Microsoft Antimalware\Quarantine\**'
- '%%environ_allusersprofile%%\Application Data\Microsoft\Windows Defender\Quarantine\**'
- '%%environ_programdata%%\Microsoft\Microsoft Antimalware\Quarantine\**'
- '%%environ_programdata%%\Microsoft\Windows Defender\Quarantine\**'
separator: '\'
supported_os: [Windows]
---
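Review bot: the two replacement prefixes in this hunk, `%%environ_allusersprofile%%\Application Data` and `%%environ_programdata%%`, only resolve if both knowledge-base variables are defined; since the hunk drops the last `%%environ_allusersappdata%%` reference in this artifact in favour of them, confirm both are provided before merging, and that the `Application Data` form is intended to cover the pre-Vista layout (where all-users application data lived under the ALLUSERSPROFILE directory) while `%%environ_programdata%%` covers Vista and later. Spelling both out rather than a single variable doubles every path entry, so a short comment in the artifact explaining the two-layout split would help the next editor avoid collapsing them again.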
Expand Down Expand Up @@ -85,7 +87,9 @@ sources:
supported_os: [Darwin]
- type: FILE
attributes:
paths: ['%%environ_allusersappdata%%\Sophos\Sophos Anti-Virus\Logs\*']
paths:
- '%%environ_allusersprofile%%\Application Data\Sophos\Sophos Anti-Virus\Logs\*'
- '%%environ_programdata%%\Sophos\Sophos Anti-Virus\Logs\*'
separator: '\'
supported_os: [Windows]
supported_os: [Darwin, Windows]
Expand All @@ -98,7 +102,9 @@ sources:
supported_os: [Darwin]
- type: FILE
attributes:
paths: ['%%environ_allusersappdata%%\Sophos\Sophos Anti-Virus\INFECTED\*']
paths:
- '%%environ_allusersprofile%%\Application Data\Sophos\Sophos Anti-Virus\INFECTED\*'
- '%%environ_programdata%%\Sophos\Sophos Anti-Virus\INFECTED\*'
separator: '\'
supported_os: [Windows]
supported_os: [Darwin, Windows]
Expand All @@ -109,9 +115,12 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\*\Data\Logs\*.log'
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\*\Data\Logs\AV\*.log'
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\Logs\AV\*.log'
- '%%environ_allusersprofile%%\Application Data\Symantec\Symantec Endpoint Protection\*\Data\Logs\*.log'
- '%%environ_allusersprofile%%\Application Data\Symantec\Symantec Endpoint Protection\*\Data\Logs\AV\*.log'
- '%%environ_allusersprofile%%\Application Data\Symantec Endpoint Protection\Logs\AV\*.log'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\*\Data\Logs\*.log'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\*\Data\Logs\AV\*.log'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\Logs\AV\*.log'
- '%%users.localappdata%%\Symantec\Symantec Endpoint Protection\Logs\*.log'
separator: '\'
supported_os: [Windows]
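Review bot: the third `Application Data` path in this hunk is inconsistent with its siblings; `'%%environ_allusersprofile%%\Application Data\Symantec Endpoint Protection\Logs\AV\*.log'` omits the `Symantec\` vendor directory that the removed line `'%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\Logs\AV\*.log'` and the new `'%%environ_programdata%%\Symantec\Symantec Endpoint Protection\Logs\AV\*.log'` both carry, so on the legacy layout that log directory will never be collected. It should read `'%%environ_allusersprofile%%\Application Data\Symantec\Symantec Endpoint Protection\Logs\AV\*.log'`.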
Expand All @@ -123,10 +132,14 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\**5\*.vbn'
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\Quarantine\**'
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\*\Data\Quarantine\**'
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\*\Data\CmnClnt\ccSubSDK\**'
- '%%environ_allusersprofile%%\Application Data\Symantec\Symantec Endpoint Protection\**5\*.vbn'
- '%%environ_allusersprofile%%\Application Data\environ_programdata%%\Symantec\Symantec Endpoint Protection\Quarantine\**'
- '%%environ_allusersprofile%%\Application Data\environ_programdata%%\Symantec\Symantec Endpoint Protection\*\Data\Quarantine\**'
- '%%environ_allusersprofile%%\Application Data\environ_programdata%%\Symantec\Symantec Endpoint Protection\*\Data\CmnClnt\ccSubSDK\**'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\**5\*.vbn'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\Quarantine\**'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\*\Data\Quarantine\**'
- '%%environ_programdata%%\Symantec\Symantec Endpoint Protection\*\Data\CmnClnt\ccSubSDK\**'
separator: '\'
supported_os: [Windows]
supported_os: [Windows]
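Review bot: three of the new `Application Data` paths in this hunk contain a search-and-replace leftover and will never match on disk: `'%%environ_allusersprofile%%\Application Data\environ_programdata%%\Symantec\Symantec Endpoint Protection\Quarantine\**'` and the two lines following it embed the literal fragment `environ_programdata%%` as a directory component. They should follow the pattern of the first line in the hunk, i.e. `'%%environ_allusersprofile%%\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\**'`, `'...\*\Data\Quarantine\**'` and `'...\*\Data\CmnClnt\ccSubSDK\**'`, mirroring the three `%%environ_programdata%%` entries below them. Since these are the quarantine and ccSubSDK locations that matter most during an incident, a quick lint that rejects any `environ_` token not wrapped in `%%...%%` would catch this class of typo in future.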
15 changes: 10 additions & 5 deletions data/tomcat.yaml
Expand Up @@ -16,10 +16,14 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\access_log*'
- '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\access_log*'
- '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out'
- '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\catalina.out'
- '%%environ_allusersprofile%%\Application Data\Apache Software Foundation\Tomcat*\logs\**\access_log*'
- '%%environ_allusersprofile%%\Application Data\Apache Software Foundation\Tomcat*\logs\access_log*'
- '%%environ_allusersprofile%%\Application Data\Apache Software Foundation\Tomcat*\logs\**\catalina.out'
- '%%environ_allusersprofile%%\Application Data\Apache Software Foundation\Tomcat*\logs\catalina.out'
- '%%environ_programdata%%\Apache Software Foundation\Tomcat*\logs\**\access_log*'
- '%%environ_programdata%%\Apache Software Foundation\Tomcat*\logs\access_log*'
- '%%environ_programdata%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out'
- '%%environ_programdata%%\Apache Software Foundation\Tomcat*\logs\catalina.out'
- '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\access_log*'
- '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\access_log*'
- '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out'
Expand Down Expand Up @@ -78,7 +82,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml'
- '%%environ_allusersprofile%%\Application Data\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml'
- '%%environ_programdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml'
- '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml'
- '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml'
separator: '\'
4 changes: 3 additions & 1 deletion data/windows.yaml
Expand Up @@ -1996,7 +1996,9 @@ doc: Windows Search database (Windows.edb).
sources:
- type: FILE
attributes:
paths: ['%%environ_allusersappdata%%\Microsoft\Search\Data\Applications\Windows\Windows.edb']
paths:
- '%%environ_allusersprofile%%\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb'
- '%%environ_programdata%%\Microsoft\Search\Data\Applications\Windows\Windows.edb'
separator: '\'
supported_os: [Windows]
urls: ['https://forensicswiki.xyz/wiki/index.php?title=Windows_Desktop_Search']
