
Configuration File Credentials

This module focuses on McAfee Enterprise Endpoint Security.

For a more extensive enumeration, use the tool Seatbelt.


Applications usually need a method to authenticate to the domain during both the installation and execution phases. One example is McAfee Enterprise Endpoint Security, which organizations can use as their endpoint detection and response tool.

McAfee embeds the credentials used during installation to connect back to the orchestrator in a file called ma.db. With local access to the host, this database file can be retrieved and read to recover the associated Active Directory service account.

:: McAfee Database Location
C:\Users\All Users\McAfee\Agent\DB\ma.db
C:\ProgramData\McAfee\Agent\DB\ma.db

  • Upon extracting the McAfee encryption key, we can decrypt it with this tool.
  • McAfee password decryption tool: GitHub
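
Because the exposure depends on who can read ma.db locally, a defender can audit the file's ACL at the two locations listed above. This is an added example, not part of the original page or any McAfee tooling; the function name `Get-BroadReadAccess` and the choice of groups treated as "broad" are assumptions. Run it from an elevated PowerShell session.

```powershell
# Added example: report broad groups that are allowed to read ma.db on this host.
# The two paths come from this page. On current Windows versions the first is a
# link to the second, so the same finding may be reported twice.
$paths = @(
    'C:\Users\All Users\McAfee\Agent\DB\ma.db',
    'C:\ProgramData\McAfee\Agent\DB\ma.db'
)

# Well-known SIDs of broad groups (assumption: these should not read the file).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# ReadData is the right that lets a principal read or copy the file content.
$readMask = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return }

    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs instead of names so the check also works on localized systems.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ($rule.FileSystemRights -band $readMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = $paths | ForEach-Object { Get-BroadReadAccess -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output 'No broad read access found (or ma.db not present).' }
```

An empty result only covers the listed groups; review the full ACL with `Get-Acl` if other principals on the host should not have read access.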