About Application and Device Control reports and logs

Article:TECH95539  |  Created: 2009-01-14  |  Updated: 2011-11-26  |  Article URL http://www.symantec.com/docs/TECH95539
Article Type
Technical Solution


Issue



Information is required about the various Application and Device Control reports and logs.


Solution



About the information in the Application Control and Device Control reports and logs


    Application Control and Device Control logs and reports contain information about the following types of events:
      • Access to a computer entity was blocked
      • A device was kept off the network

    Files, registry keys, and processes are examples of computer entities. The available information includes the time and the event type, the action taken, the host, the rule involved, and the caller process that was involved. These logs and reports include information about the Application and Device Control Policies and Tamper Protection.

    The table below describes some typical uses for the kind of information that you can get from Application Control and Device Control reports and logs.

    Report or log: Typical uses

    Top Groups with most Alerted Application Control Logs
        Use this report to check which groups are most at risk in your network.

    Top Targets Blocked
        Use this report to check which files, processes, and other entities are used most frequently in attacks against your network.

    Top Devices Blocked
        Use this report to find out which devices are the most problematic from the standpoint of compromising your network's security.

    Application Control log
        Use this log to see information about the following entities:
          • The actions that were taken in response to events
          • The processes that were involved in the events
          • The rule names that were applied from the policy when an application's access is blocked

    Device Control log
        Use this log when you need to see Device Control details, such as the exact time that Device Control enabled or disabled devices. This log also displays information such as the name of the computer, its location, the user who was logged on, and the operating system involved.



References
About the different types of Symantec Endpoint Protection Manager Reports

 



Legacy ID



2009081410023948

