Endpoint Protection

 View Only

  • 1.  How to see ADC's logs include block and Allow ?

    Posted Dec 07, 2012 09:06 PM

    Hi everybody

    I am using SEP 11.x . I often see ADC log for who used USB device :

    Then

    But..! I can see all device is block...! How can I see all device allow ?

    Thanks/Duy



  • 2.  RE: How to see ADC's logs include block and Allow ?

    Posted Dec 07, 2012 09:33 PM

    About Application and Device Control reports and logs

    http://www.symantec.com/business/support/index?page=content&id=TECH95539



  • 3.  RE: How to see ADC's logs include block and Allow ?

    Broadcom Employee
    Posted Dec 07, 2012 10:37 PM

    check this link

    how to use symantec endpoint protection (SEP) to monitor the USB device activite

    http://www.symantec.com/business/support/index?page=content&id=TECH155578

     



  • 4.  RE: How to see ADC's logs include block and Allow ?

    Posted Dec 08, 2012 11:30 AM

    Click Advanced Settings:

     

    Select Allow filter:



  • 5.  RE: How to see ADC's logs include block and Allow ?

    Posted Dec 09, 2012 08:11 PM

    Thanks Brian81

    your way only apply for application control. with device control I don't see.



  • 6.  RE: How to see ADC's logs include block and Allow ?

    Broadcom Employee
    Posted Dec 09, 2012 08:39 PM

    did you check this articlew, didn't this help?

    how to use symantec endpoint protection (SEP) to monitor the USB device activity

    http://www.symantec.com/business/support/index?page=content&id=TECH155578



  • 7.  RE: How to see ADC's logs include block and Allow ?

    Posted Dec 09, 2012 09:35 PM

    Thanks Pete_4u2002

    I checked this articlew but this one for Application control not for device control :


    how to view the record of USB activation?

    1: log in SEPM

    2: click "Monitor" on the SEPM left panel

    3: click " logs" tag

    4:choose " application and device control" as log type, choose " application control" as log content.

    5: choose the approperal time range and click " view log" button

    6: you can find the same information from database table" DBA.AGENT_BEHAVIOR_LOG_2"

     



  • 8.  RE: How to see ADC's logs include block and Allow ?

    Broadcom Employee
    Posted Dec 09, 2012 09:40 PM

    have you confgured the below before viewing the records

    1: log in to Symantec Endpoint Protection Manager Console /SEPM

    2: click "Policies"-->click " Application and Device Control" under "View Policies"-->edit or create a new application policy-->click "Application Control" -->on the right panel , enable " Log Files written to USB drivers"

    3: click edit button to edit  "Log Files written to USB drives" policy configuration

    4: click "Log written to USB drives" under "Log written to USB drives" on the left panel

    5: under "Properties" tag ,choose which USB device will be used for this policy, default is " *" which is mean all USB device will be applied with this settings.

    6: under " Actions" , if you want to just record the creating, deleting or writing attempts of USB device, please click "enable logging" under "create, delete or write attempt". if you want to record reading attemp either, you need tick "ebable logging" under " read attempt"

    7: click "OK" twice and then left click this policy and assign this policy to groups