Hi,

 

 

1: Connect to the Symantec Endpoint Protection Manager Console / SEPM

 

2: click on "Policies" -> click on "Application and Device Control" under "View Policies" -> edit or create a new application -> click on "Application Control" -> on the right pane, Enable the option "Log files written on the USB drivers"

 

3: Click Edit button to edit "Log files written to USB drives" policy configuration

 

4: Click on "Connect USB disks written" under "Connection written on USB drives" on the left panel

 

5: In "Properties" tab, select the USB device will be used for this policy, default is "*" means all that is USB will be applied with these parameters.

 

6: under "Actions", if you just want to save the creation, deletion or writing attempts USB device, please click "enable logging" in "create, delete or attempt to writing. " if you want to save or read attemp, you need to check "logging ebable" under "trying to read"

 

7: Click "OK" twice, then left-click the policy and assign the policy to groups

 

how to display the registration activation USB?

 

1: Identify SEPM

 

2: Click "Monitor" on the left panel SEPM

 

3: Click "logs" tag

 

4: select "application control and device" as log type, select "Application Control" as the log contents.

 

5: Choose the time interval approperal and click "View Log" button

 

6: You can find the same information from database table "DBA.AGENT_BEHAVIOR_LOG_2"

 

Ref - http://www.symantec.com/docs/TECH155578

 

Check them out -

 

https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive

 

http://www.symantec.com/docs/TECH96690

 

However read this and IDEA -

 

https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log

 

https://www-secure.symantec.com/connect/ideas/symantec-endpoint-protection-usb-device-logging