diff --git a/acquire/acquire.py b/acquire/acquire.py
index e7180557..9c196e46 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -1177,6 +1177,11 @@ class AV(Module):
 ("path", "sysvol/ProgramData/Microsoft/Windows Defender/Scans/History/Service/Detection.log"),
 # Microsoft Safety Scanner
 ("path", "sysvol/Windows/Debug/msert.log"),
+ # Sophos Hitman pro
+ ("path", "sysvol/ProgramData/HitmanPro/Logs/"),
+ ("path", "sysvol/ProgramData/HitmanPro.Alert/Logs/"),
+ ("path", "sysvol/ProgramData/HitmanPro/excalibur.db"),
+ ("path", "sysvol/ProgramData/HitmanPro.Alert/excalibur.db"),
 )
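Review bot: The two `excalibur.db` entries collect only the database file itself. If these are SQLite databases (the hunk does not show this, so it needs confirming), records not yet checkpointed can sit in `-wal`/`-shm`/`-journal` sidecar files beside them and would be missed on a live system. Either add entries for the sidecars or leave a marker such as `# TODO: confirm excalibur.db format; collect -wal/-shm sidecars if SQLite`. The new comment would also read better with the product's own spelling, `# Sophos HitmanPro`, matching the directory names under it. The `AV` spec tuple begins outside the hunk, so how other database artefacts in it are handled cannot be seen from here.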