Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to see ADC's logs include block and Allow ?

Created: 07 Dec 2012 • Updated: 08 Dec 2012 | 7 comments

Hi everybody

I am using SEP 11.x . I often see ADC log for who used USB device :

Then

But..! I can see all device is block...! How can I see all device allow ?

Thanks/Duy

Comments 7 CommentsJump to latest comment

W007's picture

About Application and Device Control reports and logs

http://www.symantec.com/business/support/index?page=content&id=TECH95539

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

Click Advanced Settings:

Select Allow filter:

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

phamduyus's picture

Thanks Brian81

your way only apply for application control. with device control I don't see.

pete_4u2002's picture

did you check this articlew, didn't this help?

how to use symantec endpoint protection (SEP) to monitor the USB device activity

http://www.symantec.com/business/support/index?page=content&id=TECH155578

phamduyus's picture

Thanks Pete_4u2002

I checked this articlew but this one for Application control not for device control :

how to view the record of USB activation?

1: log in SEPM

2: click "Monitor" on the SEPM left panel

3: click " logs" tag

4:choose " application and device control" as log type, choose " application control" as log content.

5: choose the approperal time range and click " view log" button

6: you can find the same information from database table" DBA.AGENT_BEHAVIOR_LOG_2"

pete_4u2002's picture

have you confgured the below before viewing the records

1: log in to Symantec Endpoint Protection Manager Console /SEPM

2: click "Policies"-->click " Application and Device Control" under "View Policies"-->edit or create a new application policy-->click "Application Control" -->on the right panel , enable " Log Files written to USB drivers"

3: click edit button to edit  "Log Files written to USB drives" policy configuration

4: click "Log written to USB drives" under "Log written to USB drives" on the left panel

5: under "Properties" tag ,choose which USB device will be used for this policy, default is " *" which is mean all USB device will be applied with this settings.

6: under " Actions" , if you want to just record the creating, deleting or writing attempts of USB device, please click "enable logging" under "create, delete or write attempt". if you want to record reading attemp either, you need tick "ebable logging" under " read attempt"

7: click "OK" twice and then left click this policy and assign this policy to groups