SCEP：在实时和常规扫描仪中模拟潜在威胁来检查日志

Question

就“常规”扫描仪而言，它%systemdrive%\ProgramData\Microsoft\Microsoft Antimalware\Support\ MPLog-XXXXXXXX-XXXXXX.log提供了丰富的信息。

以下是一些值得搜索的有趣模式：

Threat Name # record(s) of malware detection 
signature updated via # self-explanatory 
scan source # record of scheduled scan/running scan on demand 
Expensive file # expensive i.e. large files found during a scan (this information can be used to enhance scanning performance)

无论如何，实时检测显然没有写入上述文件中！

Answer 1

就“常规”扫描仪而言，它%systemdrive%\ProgramData\Microsoft\Microsoft Antimalware\Support\ MPLog-XXXXXXXX-XXXXXX.log提供了丰富的信息。

以下是一些值得搜索的有趣模式：

Threat Name # record(s) of malware detection 
signature updated via # self-explanatory 
scan source # record of scheduled scan/running scan on demand 
Expensive file # expensive i.e. large files found during a scan (this information can be used to enhance scanning performance)

无论如何，实时检测显然没有写入上述文件中！

SCEP：在实时和常规扫描仪中模拟潜在威胁来检查日志

答案1

相关内容