Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

track the USB

Created: 01 Jan 2013 • Updated: 27 Jul 2014 | 4 comments
This issue has been solved. See solution.

any possibility to track the USB throughout symantec endpoint management server.

ADC policy is configured. If it is possible then please share the steps.

thanks in advance.

Comments 4 CommentsJump to latest comment

.Brian's picture

Do you mean configure logging?

You need to enable logging on the Action tab. See here:

http://www.symantec.com/business/support/index?pag...

https://www-secure.symantec.com/connect/forums/vie...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Ashish-Sharma's picture
Hi,
 
 
1: Connect to the Symantec Endpoint Protection Manager Console / SEPM
 
2: click on "Policies" -> click on "Application and Device Control" under "View Policies" -> edit or create a new application -> click on "Application Control" -> on the right pane, Enable the option "Log files written on the USB drivers"
 
3: Click Edit button to edit "Log files written to USB drives" policy configuration
 
4: Click on "Connect USB disks written" under "Connection written on USB drives" on the left panel
 
5: In "Properties" tab, select the USB device will be used for this policy, default is "*" means all that is USB will be applied with these parameters.
 
6: under "Actions", if you just want to save the creation, deletion or writing attempts USB device, please click "enable logging" in "create, delete or attempt to writing. " if you want to save or read attemp, you need to check "logging ebable" under "trying to read"
 
7: Click "OK" twice, then left-click the policy and assign the policy to groups
 
how to display the registration activation USB?
 
1: Identify SEPM
 
2: Click "Monitor" on the left panel SEPM
 
3: Click "logs" tag
 
4: select "application control and device" as log type, select "Application Control" as the log contents.
 
5: Choose the time interval approperal and click "View Log" button
 
6: You can find the same information from database table "DBA.AGENT_BEHAVIOR_LOG_2"
 
Ref - http://www.symantec.com/docs/TECH155578
 
Check them out -
 
https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive
 
http://www.symantec.com/docs/TECH96690
 
However read this and IDEA -
 
https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log
 
https://www-secure.symantec.com/connect/ideas/symantec-endpoint-protection-usb-device-logging

Thanks In Advance

Ashish Sharma

Ashish-Sharma's picture

Hi,

Do you need any more help here??

Thanks In Advance

Ashish Sharma