Endpoint Protection

I am new to Endpoint Protection and I am wondering if Centralized Exceptions (Set to Log Only) would show up in the reports run from SEPM and if the answer is no where exactly is the centralized exception logged to?

Thanks in advance.

Hi,

If you want to check the effectiveness of the centralized exceptions you have created, you can go to Monitors->Logs->Log Type=Scan . Click on View Log

In the logs shown as a result, there is a column by the name "Omitted"

I think this is the log you can use to find the information you need.

Best,
Aniket

1 On the Monitors tab, click the Logs tab.
2 In the Log type drop-down list, select one of the following options:
■ Risk
■ TruScan Proactive Threat Scan
■ Application and Device Control
3 If you selected Application and Device Control, select Application Control
from the Log content list.
4 Click View Log.
 

I guess what I am really looking for is a list of machines that have scanned positive for and "only logged" the precence of a specific risk in a centralized exception policy.

When I run the Scan reports I see the omitted column, but it just lists a number and not the actual file that was omitted.

If I look at the Risk logs in the monitor tab and search for the past year I don't see any instance of the centralized exception in the log, but I just want to confirm that this is where the Centralized Exception would "Log only".

Thanks in Advance.