Endpoint Protection

 View Only

  • 1.  Is it possible to monitor which files are copied?

    Posted Jul 13, 2012 12:07 PM

    Scenario: I'd like to monitor an infrastructure with SEP in order to know which files are copied (let me say, from hard drive to usb pendrive): is it possible to do that?

    I know how to activate a policy in test mode in order to register when a user connect a pendrive to the pc but I only know how to block (or test) the copy of files to that device. I'd like to know "which" files the user tries to copy.

    Please, tell me I have a possibility smiley

     

    Thanks in advance

    PS SEP 11, probabily the customer will migrate to SEP 12.1 in order to control also 64bit OS.



  • 2.  RE: Is it possible to monitor which files are copied?

    Trusted Advisor
    Posted Jul 13, 2012 01:00 PM

    Hello,

    Check this Thread -  https://www-secure.symantec.com/connect/forums/usb-logging

    Hope that helps!!



  • 3.  RE: Is it possible to monitor which files are copied?

    Posted Jul 15, 2012 05:15 AM

    Hi,

    You can only get the information that which of the USB has been connected but not of that which of the data hs been copied.

    This information is fullfilled in other symantec product. That is DLP.

    This idea has already raised by someone hopefully it will be implemented

    https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log



  • 4.  RE: Is it possible to monitor which files are copied?

    Posted Jul 17, 2012 04:14 AM

    Oh thanks.

    I wonder that the option who says "log..." something in SEP console would feed my needs but I was wrong wink

     

    Thanks a lot



  • 5.  RE: Is it possible to monitor which files are copied?

    Posted Jul 17, 2012 05:10 AM

    What you are Talking about is Copying any data from you Hard Drive to USB or any External Media. For such Solutions Symantec Endpoint will Surely NOT Help you. You can Monitors the Devices being used, Block the Devices,etc

    But to protect the Data you need Symantec Data Loss Solution.

    http://www.symantec.com/theme.jsp?themeid=dlp-family



  • 6.  RE: Is it possible to monitor which files are copied?

    Posted Jul 17, 2012 05:29 AM
      |   view attached

    This thread shows a few screenies on configuring an Application policy for the purpose of logging files copied to USB:

    https://www-secure.symantec.com/connect/forums/log-writen-files-usb

    There's also an old article on Symnatec about it, which used to contain a copy of a A&DC Policy including the "Log Files Written to USB" application rule (as below):

    http://www.symantec.com/docs/TECH155578

    I think they removed the policy download because such a rule was bundled into SEP at some point (RU6MP2 I think).  What version are you using?

    #EDIT#

    Just to clarify for all those nay-sayers, please see the attached screenie from an RU6MP2 SEPM Application Control policy for the rule to "Log Files written to USB".

    Within the SEPM logs, you will see logs for any files that were written to USB drives.  These logs will contain the destination filename and path, plus which SEP Client (machine name) performed the writing.  What you don't have, is the source file name, file shadowing capabilities and the like.

    What info do you need exactly?



  • 7.  RE: Is it possible to monitor which files are copied?

    Posted Aug 18, 2012 07:29 PM

    If your requirement fulfill then pls mark the valid comment as solution.



  • 8.  RE: Is it possible to monitor which files are copied?

    Posted Jan 16, 2013 04:19 AM

    Hello,

    Check this Thread -  https://www-secure.symantec.com/connect/forums/usb-logging