USB Logs monitoring through SEPM 12.1

Created: 11 Jan 2013 | 9 comments

How can we monitor the USB logs in detail?

Like what data is copied from USB to system and from system to USB, with file name and all.

We are using SEPM 12.1.

Thanks


Ashish-Sharma's picture

 

solution
 
1: Connect to the Symantec Endpoint Protection Manager Console / SEPM
 
2: Click on "Policies" -> click on "Application and Device Control" under "View Policies" -> edit or create a new application -> click on "Application Control" -> on the right pane, enable the option "Log files written on the USB drivers"
 
3: Click Edit button to edit "Log files written to USB drives" policy configuration
 
4: Click on "Connect USB disks written" under "Connection written on USB drives" on the left panel
 
5: In the "Properties" tab, select the USB device that will be used for this policy; the default is "*", which means everything that is USB will have these parameters applied.
 
6: Under "Actions", if you just want to save the creation, deletion or writing attempts on the USB device, please click "enable logging" in "create, delete or attempt to writing". If you want to save or read attempt, you need to check "logging enable" under "trying to read"
 
7: Click "OK" twice, then left-click the policy and assign the policy to groups
 
How to display the registration activation USB?
 
1: Identify SEPM
 
2: Click "Monitor" on the left panel SEPM
 
3: Click "logs" tag
 
4: Select "application control and device" as log type, select "Application Control" as the log contents.
 
5: Choose the appropriate time interval and click the "View Log" button
 
6: You can find the same information from database table "DBA.AGENT_BEHAVIOR_LOG_2"
 
Ref - http://www.symantec.com/docs/TECH155578
 
Check them out -
 
https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive

USB Storage Device Full Logs Description in SEPM 12.13

https://www-secure.symantec.com/connect/forums/usb...

 
http://www.symantec.com/docs/TECH96690
 
However read this and IDEA -
 
https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log
 
https://www-secure.symantec.com/connect/ideas/symantec-endpoint-protection-usb-device-logging

Thanks In Advance

Ashish Sharma

 

 

Dilippatel's picture

You are correct but by enabling this policy we get the logs for the data which is copied from local computer to USB drive but we need the logs for which data is copied from USB drive to local computer.

Ashish-Sharma's picture

Hi,

Check this thread, Mithun's comments:

http://www.symantec.com/connect/forums/usb-storage-device-full-logs-description-sepm-121

Mithun Sanghavi

Second, when I enabled a USB Storage Device I want to know from the Logs description which file has been moved from that system to USB, e.g. Word, Excel etc., in SEPM 12.1

Check this Article:

http://www.symantec.com/docs/TECH155578

Check this Thread

https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive

However read this IDEA as well

https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

It should be logged to the Control log on the client. Did you check there?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Dilippatel's picture

Dear Brain81

 

I checked the control logs on the client, but they provide the information for the data which is going from desktop to USB drive. That is fine. The same is available in the SEPM monitor console after enabling the USB write policy.

 

But we would like to know what data is copied from pen drive to desktop.

Is it possible to find? Please help...

 

.Brian's picture

You won't be able to see the file names.

For this you would need another product such as Symantec Endpoint Encryption Device Control (SEEDC) or some other third party product that can do this.