
Monitor USB Read/Write/Delete on the SEP clients

Updated: 21 May 2010 | 4 comments
SAM_SHAIKH

Hi,

We are using SEP MR4MP2. We need to create a policy wherein we want the USB drives to be allowed to the users, but in the backend all the activities performed by the users, such as writing to USB, deleting any files on USB, and copying any files from the local machine to USB and vice versa, must be tracked.

Although we have enabled the policy "Log files written to USB", when we go to Monitor > Logs > Log type = Application & Device Control > Log Content > Application Control, we are able to get the report, but it only shows "File and Folder Access Attempts_File_Write".

However, we want to know whether the user has copied any file, deleted any file, or created any new file on the USB.

Please help me with the same.

Regards,
SAM

Comments

shp, 02 Sep 2009

I think it's not available in the current version.
There is an idea on this... please vote for that... it may come in a future release...

https://www-secure.symantec.com/connect/idea/files...

Check these for info

https://www-secure.symantec.com/connect/forums/log...

https://www-secure.symantec.com/connect/forums/how...

Regards,
Srinivas H.P.
HCL Infosystems Ltd

SAM_SHAIKH, 02 Sep 2009

Hi,

I tried the link below, but it's still not working.

https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive#comment-2798191

I do remember that earlier, when I was using SEP MR3, I tried creating some policy and it worked for me, but currently I do not remember it.

Rgrds,
SAM

shp, 03 Sep 2009

Now I configured it for a test group and it's working (it took some time for the events to come into the SEPM logs)...

In the logs I am able to see the caller process (in my case, explorer) and the target (sylinkdrop.exe, which I deleted from the pen drive).

Check the policy...
In the action tab... make sure you have ticked "enable logging"..

Regards,
Srinivas H.P.
HCL Infosystems Ltd

SAM_SHAIKH, 03 Sep 2009

Hi,

I am getting the same too, but the issue is how one will come to know whether it was copied from USB to the local machine or from the local machine to USB.

Any idea on this?

Rgrds,
SAM