Monitor USB Read/Write/Delete on the SEP clients
SAM_SHAIKH
September 2nd, 2009
Hi,
We are using SEP MR4MP2. We need to create a policy wherein we want the USB drives to be allowed to the users but in the backend all the activities performed by the users such as Writng to USB, Deleting any files to USB, Copying any files from local machine to USB and vice-versa must be tracked.
Although we have enable the policy "Log files written to USB" but when we go to Monitor>Logs>Log type = Application & Device Control>Log Contennt>Application Control here we are able to get the report but it only shows ""File and Folder Access Attempts_File_Write " .
However we want to know if the user has either Copied any file, deleted any file, created any new file in the USB.
Please help me with the same.
Regards,
SAM
I think its not available in
I think its not available in current version.
There is an idea on this... pls vote for that... it may come in future release...
https://www-secure.symantec.com/connect/idea/files...
Check these for info
https://www-secure.symantec.com/connect/forums/log...
https://www-secure.symantec.com/connect/forums/how...
Regards,
Srinivas H.P.
HCL Infosystems Ltd
HI, I tried the below link
HI,
I tried the below link but still its not working.
https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive#comment-2798191
I do remember earler when I was using SEP MR3, i tried creating some policy and it worked for me but currently I do not remember that.
Rgrds,
SAM
Now i configured for a test
Now i configured for a test group and its working(It took some time for the events to come in SEPM logs)...
In the logs i am able to see, caller process(in my care explorer) and target(sylinkdrop.exe which i deletedfrom PEN driver)
Check the policy...
In the action tab... make sure you have ticked "enable logging"..
Regards,
Srinivas H.P.
HCL Infosystems Ltd
Hi, Me too getting the same,
Hi,
Me too getting the same, but the issue is how one will come to know whether it was copied from USB to local machine or from Local machine to USB.
Any Idea on this??
Rgrds,
SAM
Would you like to reply?
Login or Register to post your comment.