diff --git a/dissect/target/plugins/apps/remoteaccess/anydesk.py b/dissect/target/plugins/apps/remoteaccess/anydesk.py
index e02ca7d59..0b37f89bf 100644
--- a/dissect/target/plugins/apps/remoteaccess/anydesk.py
+++ b/dissect/target/plugins/apps/remoteaccess/anydesk.py
@@ -15,9 +15,19 @@ class AnydeskPlugin(RemoteAccessPlugin):
 
     __namespace__ = "anydesk"
 
-    # Anydesk log when service (Windows)
-    GLOBS = [
-        "/sysvol/ProgramData/AnyDesk/*.trace",
+    # Anydesk logs when installed as a service
+    SERVICE_GLOBS = [
+        "/sysvol/ProgramData/AnyDesk/*.trace",  # Standard client >= Windows 7
+        "/sysvol/ProgramData/AnyDesk/ad_*/*.trace",  # Custom client >= Windows 7
+        "/var/log/anydesk*.trace",  # Standard/Custom client Linux/MacOS
+    ]
+
+    # User specific Anydesk logs
+    USER_GLOBS = [
+        "appdata/roaming/AnyDesk/*.trace",  # Standard client Windows
+        "appdata/roaming/AnyDesk/ad_*/*.trace",  # Custom client Windows
+        ".anydesk/*.trace",  # Standard client Linux/MacOS
+        ".anydesk_ad_*/*.trace",  # Custom client Linux/MacOS
     ]
 
     def __init__(self, target):
@@ -25,16 +35,17 @@ def __init__(self, target):
 
         self.logfiles = []
 
-        # Check service globs (Windows)
+        # Check service globs
         user = None
-        for log_glob in self.GLOBS:
+        for log_glob in self.SERVICE_GLOBS:
             for logfile in self.target.fs.glob(log_glob):
                 self.logfiles.append([logfile, user])
 
         # Anydesk logs when as user
         for user_details in self.target.user_details.all_with_home():
-            for logfile in user_details.home_path.glob("appdata/roaming/AnyDesk/*.trace"):
-                self.logfiles.append([logfile, user_details.user])
+            for log_glob in self.USER_GLOBS:
+                for logfile in user_details.home_path.glob(log_glob):
+                    self.logfiles.append([logfile, user_details.user])
 
     def check_compatible(self):
         if not (len(self.logfiles)):
@@ -45,10 +56,11 @@ def logs(self):
         """Return the content of the AnyDesk logs.
 
         AnyDesk is a remote desktop application and can be used by adversaries to get (persistent) access to a machine.
-        Log files (.trace files) are retrieved from /ProgramData/AnyDesk/ and AppData/roaming/AnyDesk/
+        Log files (.trace files) are retrieved from various location based on OS and client type.
 
         References:
             - https://www.inversecos.com/2021/02/forensic-analysis-of-anydesk-logs.html
+            - https://support.anydesk.com/knowledge/trace-files#trace-file-locations
         """
         for logfile, user in self.logfiles:
             logfile = self.target.fs.path(logfile)