Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

USB Storage Device Full Logs Description in SEPM 12.1

Created: 06 Jun 2012 | 6 comments
Noor Shaikh's picture

Dear All,

First I want to know how to disable and enable a USB Storage Device once.

Second when I enabled a USB Storage Device I want to know from Logs description that which file has been moved from that system to USB e.g Word, Excell etc..  in SEPM 12.1

Looking for a prompt reply.

Thanks

Noor

Comments 6 CommentsJump to latest comment

pete_4u2002's picture

How to block or allow device's in Symantec Endpoint Protection
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724

 

Policy to LOG activity in a USB drive by Symantec Endpoint Protection
http://www.symantec.com/business/support/index?page=content&id=TECH131125
http://www.symantec.com/business/support/index?page=content&id=TECH155578
 

Mithun Sanghavi's picture

Hello,

Q: First I want to know how to disable and enable a USB Storage Device once.

Check this Article:

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

How to block USB flash drives while allowing other USB devices.

http://www.symantec.com/docs/TECH104299

Q: Second when I enabled a USB Storage Device I want to know from Logs description that which file has been moved from that system to USB e.g Word, Excell etc..  in SEPM 12.1

Check this Article:

http://www.symantec.com/docs/TECH155578

Check this Thread

https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive

However read this IDEA as well

https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

honey_jack's picture

For the USB Enable and Disable, Pls follow

https://www-secure.symantec.com/connect/forums/usb-device-access

http://www.symantec.com/business/support/index?page=content&id=TECH103401

https://www-secure.symantec.com/connect/downloads/sep-policy-block-usb-and-exclude-keyboard-and-mouse

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724

 

For your Second Question you can create the notification of Email for USB Device

Connect to SEPM

2. Go to "Monitors"

3. Go to "Notifications" tab

4. Click on "Notification Conditions" button at the bottom of the console

5. Click on "Add..." and select "Client Security Alert"

6. In the top of the new window, specify condition name, filtering settings (optional) and outbreak type

7. Check "Application Control Events"

8. Specify condition and damper settings

9. Check "Send email to:" and type email address to use

10. Validate

https://www-secure.symantec.com/connect/forums/sepm-report-usb-disk-activity-logged

http://www.symantec.com/business/support/index?page=content&id=HOWTO55089#v17108849

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.

honey_jack's picture

Have you check the attach links.

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.

honey_jack's picture

Hi- Your issue sort out?

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.