This issue needs a solution.

USB Storage Device Full Logs Description in SEPM 12.1

Created: 06 Jun 2012
Noor Shaikh's picture
Login to vote
0 0 Votes

Dear All,

First I want to know how to disable and enable a USB Storage Device once.

Second when I enabled a USB Storage Device I want to know from Logs description that which file has been moved from that system to USB e.g Word, Excell etc..  in SEPM 12.1

Looking for a prompt reply.

Thanks

Noor

Filed Under

Comments

pete_4u2002
Symantec Employee
Accredited
06
Jun
2012

How to block or allow

How to block or allow device's in Symantec Endpoint Protection
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724

 

Policy to LOG activity in a USB drive by Symantec Endpoint Protection
http://www.symantec.com/business/support/index?page=content&id=TECH131125
http://www.symantec.com/business/support/index?page=content&id=TECH155578
 

Mithun Sanghavi
Symantec Employee
Accredited
06
Jun
2012

Answers

Hello,

Q: First I want to know how to disable and enable a USB Storage Device once.

Check this Article:

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

How to block USB flash drives while allowing other USB devices.

http://www.symantec.com/docs/TECH104299

Q: Second when I enabled a USB Storage Device I want to know from Logs description that which file has been moved from that system to USB e.g Word, Excell etc..  in SEPM 12.1

Check this Article:

http://www.symantec.com/docs/TECH155578

Check this Thread

https://www-secure.symantec.com/connect/forums/how-see-written-activity-usb-drive

However read this IDEA as well

https://www-secure.symantec.com/connect/idea/files-written-usb-drives-detailed-log

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

06
Jun
2012

For the USB Enable and

For the USB Enable and Disable, Pls follow

https://www-secure.symantec.com/connect/forums/usb-device-access

http://www.symantec.com/business/support/index?page=content&id=TECH103401

https://www-secure.symantec.com/connect/downloads/sep-policy-block-usb-and-exclude-keyboard-and-mouse

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724

 

For your Second Question you can create the notification of Email for USB Device

Connect to SEPM

2. Go to "Monitors"

3. Go to "Notifications" tab

4. Click on "Notification Conditions" button at the bottom of the console

5. Click on "Add..." and select "Client Security Alert"

6. In the top of the new window, specify condition name, filtering settings (optional) and outbreak type

7. Check "Application Control Events"

8. Specify condition and damper settings

9. Check "Send email to:" and type email address to use

10. Validate

https://www-secure.symantec.com/connect/forums/sepm-report-usb-disk-activity-logged

http://www.symantec.com/business/support/index?page=content&id=HOWTO55089#v17108849

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.

15
Jun
2012

Have you check the attach

Have you check the attach links.

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.

Gerald Selvaraj David
Accredited
Accredited
15
Jun
2012

Thanks

Good Links

22
Jul
2012

Hi- Your issue sort out?

Hi- Your issue sort out?

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.