Showing results for 
Search instead for 
Did you mean: 

Anti-Virus Connectors

Currently supported Anti-Virus connectors are:

AVG 7.5 Network
AVG DataCenter 7.5
AVG DataCenter 8.0

Bromium vSentry
Command Antivirus for Windows
Command for Exchange Server
CrowdStrike Falcon
Cylance Next Generation Anti-Virus
eEye Blink Professional Endpoint Protection
ESET NOD32 Syslog
ESET Remote Administrator
F-Secure Anti-Virus 7
F-Secure Policy Manager Server 10
F-Secure syslog
Forefront Endpoint Protection
Forefront Security Application Log (Client Security, Exchange and Sharepoint)
Forefront Security SQL Database
Forefront Security System Log (Client Security)
Group Shield/Outbreak for Exchange Server
InoculateIT 7.0+
InoculateIT v6
Kaspersky Administration Kit 8
Kaspersky Administration Kit 8 - Extended
Kaspersky Anti-Virus 10
Kaspersky Anti-Virus 6
Kaspersky events via Windows Event Log
Kaspersky Security Center
Kaspersky Security Center - Extended

McAfee Access Protection
McAfee Activity Log (4.5 DAT File update)
McAfee Mail Scan
McAfee NetShield
McAfee On Access Scan v7.0
McAfee Total Protection
McAfee Update v7.0
McAfee VSC
McAfee VSH 5.0/7.0
McAfee VSH 80i
McAfee VSH 85i
McAfee VSH Home
McAfee Web Email Scan

Microsoft Enhanced Mitigation Experience Toolkit (EMET)
Microsoft Security Essentials
NOD Antivirus 4 Access Event
NOD Antivirus 4 Access Scan
NOD Antivirus 4 Access Threat
NOD Antivirus 4 SQL Event
NOD Antivirus 4 SQL Scan
NOD Antivirus 4 SQL Threat
NOD Antivirus 5 Access Event
NOD Antivirus 5 Access Scan
NOD Antivirus 5 SQL Event
NOD Antivirus 5 SQL Firewall
NOD Antivirus 5 SQL Scan
NOD Antivirus 5 SQL Threat

Palto Alto Advanced Endpoint Protection Traps
Panda Security for Desktops 4.02
Sophos Anti-Virus for Win2k
Sophos Anti-Virus SNMP

Sophos Central Cloud Endpoint Protection
Sophos Enterprise 2.0 Database
Sophos Enterprise 3.0 Database
Sybari's Antigen 7.0 for Exchange Server 2000
Symantec Corp Antivirus
Symantec Endpoint Protection 11
Symantec Endpoint Protection Small Business Edition
Symantec Protection Engine

Trend Micro Control Manager
Trend IMSS
Trend IMSS Policy
Trend IMSS Virus
Trend InterScan
Trend Office Scan
Trend ScanMail
Trend Server Protect
VIPRE Business - System Events 4.0
VIPRE Business 4.0
VIPRE Enterprise 3.1
Webroot Antispyware Corporate Edition

Windows Defender - Health Center

Windows Defender - Operational


Why don't you support AV Defender? Its in your MSP solution.

Support for System Center Endpoint Protection (SCCM)?

Hi Scott - LEM does not currently have connectors available for SCCM Endpoint Protection. SCCM generates four log files relating to Endpoint Protection which you can view here. Do you need to ingest logs from a specific log file? If you can provide a log sample to me, I can determine the feasibility of supporting these logs.

Thanks for the quick response. We’re looking for Log Management and am trying to find a tool that can support our systems. I’ll take a look at those log locations when I get a free moment.



Scott Mickelson

APEX IT Consulting


Hi, How can I request support for Panda Security' Endpoint Protection, Endpoint Protection Plus, Adaptive Defence and Adaptive Defence 360 products.


Hi Tony - you can submit a Technical Support ticket to request support for the Panda products. They will request some information from you, including a log sample to determine if we can build a connector for you.

Is there somewhere that shows exactly what the Cylance connector is doing and how to configure it properly?

The Cylance connector parses syslog from CylanceProtect and can be configured in the same manner as the other syslog connectors in LEM. You'll first need to configure Cylance to send syslog to LEM via Settings > Application. From there you can go to Integrations > Syslog/SIEM. Use the UDP protocol, port 514 and the IP address of your LEM appliance. By default, the connector is looking for logs under local2.log so you can select Local2.log under 'Facility' in the Cylance settings, but this is customizable.

Let me know if you have any questions!

Hi jhynds​ !

I have some questions about McAfee connectors. I would like monitoring my antivirus activity : McAfee VirusScan Enterprise 8.7.0i, so I add required connectors in LEM with the good path log destination. Connectors are :

  • McAfee Access Protection
  • McAfee On Access Scan v7.0
  • McAfee Update v7.0.

However, when i test virus activity with an antivirus test file, no logs from my agent appear in lem console.

My antivirus isn't compatible ? Or the problem is connector configuration ?

Thanks a lot for advise,

Please help the novices and go back a step:  they'll want to know what systems need anti-virus connectors, how firewalls play roles in this, exactly how Solarwinds products (and which of those products) support AV Connectors, etc.

Version history
Revision #:
1 of 1
Last update:
‎05-30-2017 01:15 PM
Updated by: