Endpoint Protection

  • 1.  Application and Device Control Blank Rule ID in Logs

    Posted Jul 23, 2014 10:56 AM

    We are testing Application and Device Control, and when we look in the logs we get many lines with blank Rule Names, as below:

    Time Stamp Event Type Event Time Severity Host Name Action Test Mode Description API Encoded API Name Begin Time End Time Rule ID Rule Name Caller Process ID Caller Process Name Return Address Return Module Target Alert Send Snmp Trap User Name File Size Device ID IP Address Domain Name Site Name Server Name Group Name Computer Name Action Type Repetition
    7/22/2014 7:08 Tamper Protection ######## Minor Mouse Block 0 HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\ ######## ########     3924 C:\WINDOWS\EXPLORER.EXE HKEY_LOCAL_MACHINE/SOFTWARE/Symantec/Symantec Endpoint Protection/ 1   Mickey     ... Default SEP PROD SEPBEDPROD My Company\MITRE Production Desktop Mouse Block 1


  • 2.  RE: Application and Device Control Blank Rule ID in Logs

    Posted Jul 23, 2014 10:59 AM

    This is from Tamper Protection; there is no rule name, as it's separate from ADC but uses the same driver.



  • 3.  RE: Application and Device Control Blank Rule ID in Logs

    Posted Jul 23, 2014 11:32 AM

    How do we exclude this from the reports? We are flooded with these reports.

    Thanks

     



  • 4.  RE: Application and Device Control Blank Rule ID in Logs

    Posted Jul 23, 2014 11:49 AM

    You can set it to block and do not log if you wish.

    Go to the Clients page >> select your Group >> Policies tab >> Tamper Protection

    Edit here