Video Screencast Help
Search Video Help Close Back
to help

How to see ADC's logs include block and Allow ?

Created: 07 Dec 2012 | Updated: 08 Dec 2012 | 7 comments
phamduyus's picture
phamduyus
0 0 Votes
Login to vote

Hi everybody

I am using SEP 11.x . I often see ADC log for who used USB device :

Then

But..! I can see all device is block...! How can I see all device allow ?

Thanks/Duy

Discussion Filed Under:
, , ,

Comments 7 CommentsJump to latest comment

ManishS's picture
ManishS
How to see ADC's logs include block and Allow ? - Comment:07 Dec 2012 : Link

About Application and Device Control reports and logs

http://www.symantec.com/business/support/index?page=content&id=TECH95539

Thanks In Advance.

Manish

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
How to see ADC's logs include block and Allow ? - Comment:07 Dec 2012 : Link

check this link

how to use symantec endpoint protection (SEP) to monitor the USB device activite

http://www.symantec.com/business/support/index?page=content&id=TECH155578

 

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
Brian81's picture
Brian81 Trusted Advisor
How to see ADC's logs include block and Allow ? - Comment:08 Dec 2012 : Link

Click Advanced Settings:

 

Select Allow filter:

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
phamduyus's picture
phamduyus
How to see ADC's logs include block and Allow ? - Comment:09 Dec 2012 : Link

Thanks Brian81

your way only apply for application control. with device control I don't see.

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
How to see ADC's logs include block and Allow ? - Comment:09 Dec 2012 : Link

did you check this articlew, didn't this help?

how to use symantec endpoint protection (SEP) to monitor the USB device activity

http://www.symantec.com/business/support/index?page=content&id=TECH155578

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
phamduyus's picture
phamduyus
How to see ADC's logs include block and Allow ? - Comment:09 Dec 2012 : Link

Thanks Pete_4u2002

I checked this articlew but this one for Application control not for device control :

how to view the record of USB activation?

1: log in SEPM

2: click "Monitor" on the SEPM left panel

3: click " logs" tag

4:choose " application and device control" as log type, choose " application control" as log content.

5: choose the approperal time range and click " view log" button

6: you can find the same information from database table" DBA.AGENT_BEHAVIOR_LOG_2"

 

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
How to see ADC's logs include block and Allow ? - Comment:09 Dec 2012 : Link

have you confgured the below before viewing the records

1: log in to Symantec Endpoint Protection Manager Console /SEPM

2: click "Policies"-->click " Application and Device Control" under "View Policies"-->edit or create a new application policy-->click "Application Control" -->on the right panel , enable " Log Files written to USB drivers"

3: click edit button to edit  "Log Files written to USB drives" policy configuration

4: click "Log written to USB drives" under "Log written to USB drives" on the left panel

5: under "Properties" tag ,choose which USB device will be used for this policy, default is " *" which is mean all USB device will be applied with this settings.

6: under " Actions" , if you want to just record the creating, deleting or writing attempts of USB device, please click "enable logging" under "create, delete or write attempt". if you want to record reading attemp either, you need tick "ebable logging" under " read attempt"

7: click "OK" twice and then left click this policy and assign this policy to groups

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

+1
Login to vote