This content has been marked as final. Show 2 replies
Forgot to mention
McAfee Agent uses the following logs:
The macmnsvc.exe process hosts services including peer-to-peer, relay, SuperAgent, agent wake-up, and SuperAgent wake-up. The macmnsvc_<hostname>.log captures logging related to these functions. In addition, it captures the logging related to message bus broker and operations performed by message bus architecture based point products (for example, Threat Intelligence Exchange and Data Exchange Layer).
The macompatsvc.exe service is a compatibility service for masvc. This service is responsible for compatibility of the McAfee Agent with plugin and Local Procedure Call (LPC) based point products. The macompatsvc_<hostname>.log captures the operations performed on plugin and LPC based point products.
The masvc.exe service is responsible for property collection, policy enforcement, task scheduling, agent-to-server communication, and trigger update sessions. The masvc_<hostname>.log captures logging related to these operations.
- McScript.log (not new, carried over from McAfee Agent 4.x)
When masvc.exe triggers an update, McScript.exe and McScript_InUser.exe are invoked and responsible for the updater (install/uninstall/update) session. The McScript.log captures details related to the update session, for example, the repository from which the file is downloaded, file download status, install/uninstall script execution, and update session status details.
The marepomirror.exe process is responsible for repository mirroring. When the mirror task is invoked, marepomirror_<hostname>.log captures all operations related to mirroring.
The logs are stored in the following locations:
- Windows: C:\ProgramData\McAfee\Common Framework\logs
- Non-Windows: /var/McAfee/agent/logs