Video Screencast Help

USB enable alerts

Created: 23 Sep 2013 | 2 comments

HI,

 

I have 12.1.3 SEPM with 2008 R2 and SEPM intigrate with AD and we have create a saprate policy for usb enable and apply on perticula OU. So that when some one request for usb allow then windows team moved system in respactive OU. So i want to configure alert system when some one will allowed usb then we will received alerts for that.

 

Thanks in Advance

Operating Systems:

Comments 2 CommentsJump to latest comment

Rafeeq's picture

lease check below articles,

Policy to LOG activity in a USB drive by Symantec Endpoint Protection (SEP):

http://www.symantec.com/docs/TECH131125

 The activity logged can be found in:
- SEP Client > View Logs > Client Management > View Log > Control Log
- The console of Symantec Endpoint Protection Manager (SEPM) > Monitors > Logs > Application and Device Control > Application Control

 

And you can try this also for notification alerts.

1. Connect to SEPM

2. Go to "Monitors"

3. Go to "Notifications" tab

4. Click on "Notification Conditions" button at the bottom of the console

5. Click on "Add..." and select "Client Security Alert"

6. In the top of the new window, specify condition name, filtering settings (optional) and outbreak type

7. Check "Application Control Events"

8. Specify condition and damper settings

9. Check "Send email to:" and type email address to use

10. Validate

SMLatCST's picture

I'm afraid there's no easy way of accomplishing this.

As the team is moving machines around, then it's possible to use "Client List Changed" notification type (under MONITORS -> Notifications) to send you an email alert whenever a machine is added/moved to a specific OU.

Unfortunately, there's no native Notification for policy changes (i.e. someone adding a specific Device to be Excluded from Blocking.  You can grab the logs (under MONITORS -> Logs -> Log Type: Audit) for when a policy is changed, but not what was changed within it.