if you have the proper rule in place it should give you detailed info but the product that can do all this is Endpoint Encryption - Device Control
What you can do from the logs
Article:HOWTO81161 |
| |
Created: 2012-10-24 |
| |
Updated: 2013-01-30 |
| |
Article URL http://www.symantec.com/docs/HOWTO81161 |
The Application Control log and the Device Control log contain information about events where some type of behavior was blocked.
The following Application and Device Control logs are available:
Available information includes the time the event occurred, the action taken, and the domain and computer that were involved. It also includes the user that was involved, the severity, the rule that was involved, the caller process, and the target.
You can create an application control or Tamper Protection exception from the Application Control log.
See Specifying how Symantec Endpoint Protection handles monitored applications.