Endpoint Protection

 View Only

  • 1.  Need to know if we can do this with SEP

    Posted Aug 04, 2016 08:04 AM

    Dear All, I need to know if we can do the below with SEP ( appreciate if someone can share the steps as how to do it)

     

    1) Can we generate a report for USB allowed user, if yes how?

    2) AV Scan history ( with SEP can we go back to scan history. We can just find when the last scan has occured)

    3) Can we do blocking for mobile storage when connected to USB? if yes how

    4) how accurate is SEP for logs recived as AV can't clean/ quarantine , are there any false positive that it will say that it can't clean/quarantine files?

     

    your feedback and support is appreciated. Thanks 



  • 2.  RE: Need to know if we can do this with SEP
    Best Answer

    Posted Aug 04, 2016 08:44 AM

    1) Can we generate a report for USB allowed user, if yes how?

    No not possible with SEPM as it is, there is no such explicit report available. you need to export device control log and filter it out manually.

    2) AV Scan history ( with SEP can we go back to scan history. We can just find when the last scan has occurred)

     Go to Monitor --> Logs --> scan log this will give you the scan log history of the machines based on your log retention

    3) Can we do blocking for mobile storage when connected to USB? if yes how

    Yes

    Smart phones and Application and Device Control in Symantec Endpoint Protection

     

    https://www.symantec.com/connect/forums/how-disable-mobile-devices-sepm#comment-10653321

    https://www.symantec.com/connect/forums/need-block-filetransfer-android-device#comment-10078381

     

    4) how accurate is SEP for logs received as AV can't clean/ quarantine , are there any false positive that it will say that it can't clean/quarantine files?

    99 % unless there is someother permission issues. 



  • 3.  RE: Need to know if we can do this with SEP

    Posted Aug 04, 2016 08:48 AM

    Read documentation instead of having other chaps do the works for you

    http://www.symantec.com/docs/DOC7044



  • 4.  RE: Need to know if we can do this with SEP

    Broadcom Employee
    Posted Aug 07, 2016 03:52 PM

    Hi,

    Thank you for posting your query on Symantec community.

    1) Can we generate a report for USB allowed user, if yes how?

    -->  No, there isn't any user specific report. 

    2) AV Scan history ( with SEP can we go back to scan history. We can just find when the last scan has occured)

    -->  Scan log this will make this history available of the machines based on your log retention

    3) Can we do blocking for mobile storage when connected to USB? if yes how

    -->  Yes, we can block mobile storage when connected to USB. You should either block entire USB access or specific device ID's can be blocked. 

    4) how accurate is SEP for logs recived as AV can't clean/ quarantine , are there any false positive that it will say that it can't clean/quarantine files?

    --> There shouldn't be any such issue & it's not reported by any customer as well.