lease check below articles,
Policy to LOG activity in a USB drive by Symantec Endpoint Protection (SEP):
http://www.symantec.com/docs/TECH131125
The activity logged can be found in:
- SEP Client > View Logs > Client Management > View Log > Control Log
- The console of Symantec Endpoint Protection Manager (SEPM) > Monitors > Logs > Application and Device Control > Application Control
And you can try this also for notification alerts.
1. Connect to SEPM
2. Go to "Monitors"
3. Go to "Notifications" tab
4. Click on "Notification Conditions" button at the bottom of the console
5. Click on "Add..." and select "Client Security Alert"
6. In the top of the new window, specify condition name, filtering settings (optional) and outbreak type
7. Check "Application Control Events"
8. Specify condition and damper settings
9. Check "Send email to:" and type email address to use
10. Validate