From 71b7073a1a70c53711db742b4320227333ecc1c9 Mon Sep 17 00:00:00 2001
From: Poeloe <22234727+Poeloe@users.noreply.github.com>
Date: Thu, 1 Feb 2024 01:43:48 -0800
Subject: [PATCH] Collect additional McAfee paths (DIS-1224)
---
 acquire/acquire.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/acquire/acquire.py b/acquire/acquire.py
index f5fbdcc0..cb10b8b3 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -1006,6 +1006,19 @@ class AV(Module):
 ("dir", "sysvol/ProgramData/Mcafee/VirusScan"),
 ("dir", "sysvol/ProgramData/McAfee/Endpoint Security/Logs"),
 ("dir", "sysvol/ProgramData/McAfee/MSC/Logs"),
+ ("dir", "sysvol/ProgramData/McAfee/Agent/AgentEvents"),
+ ("dir", "sysvol/ProgramData/McAfee/Agent/logs"),
+ ("dir", "sysvol/ProgramData/McAfee/datreputation/Logs"),
+ ("dir", "sysvol/ProgramData/Mcafee/Managed/VirusScan/Logs"),
+ ("dir", "sysvol/Documents and Settings/All Users/Application Data/McAfee/Common Framework/AgentEvents"),
+ ("dir", "sysvol/Documents and Settings/All Users/Application Data/McAfee/MCLOGS/SAE"),
+ ("dir", "sysvol/Documents and Settings/All Users/Application Data/McAfee/datreputation/Logs"),
+ ("dir", "sysvol/Documents and Settings/All Users/Application Data/McAfee/Managed/VirusScan/Logs"),
+ ("dir", "sysvol/Program Files (x86)/McAfee/DLP/WCF Service/Log"),
+ ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/Apache2/Logs"),
+ ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/DB/Events"),
+ ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/DB/Events/Debug"),
+ ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Logs"),
 # RogueKiller
 ("glob", "sysvol/ProgramData/RogueKiller/logs/AdliceReport_*.json"),
 # SUPERAntiSpyware
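Review bot: The added entry `.../ePolicy Orchestrator/DB/Events/Debug` is nested under `.../ePolicy Orchestrator/DB/Events`, which is added on the line before it. If a `"dir"` spec is collected recursively (the collector is not visible in this hunk, so this is an assumption), the `Debug` entry is redundant and can be dropped. The `Documents and Settings/All Users/Application Data/McAfee/datreputation/Logs` and `.../Managed/VirusScan/Logs` entries raise a similar overlap, because on Vista and later that path is normally a junction to `ProgramData` and may resolve to the `ProgramData` entries added above. A comment above that group, such as `# Legacy (pre-Vista) profile paths; on newer systems these alias ProgramData`, would make the intent clear to the next maintainer. The list these tuples belong to starts and ends outside the hunk.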