In policies, intrusion preventon policy, exceptions (bottom choice on the left in this policy) you can set it to block instead of allow certain things, like IM or P2P and other items normally allowed under this policy and groupd of settings. We disable IM in here, MSMSGR for example........
I can't recall where to go to look to see if someone is trying it, or where it is logged - how to view any history there...........
I see where someone is attempting to install such a product, and that's blocked of course, but where are the intrusion prevention policy, exceptions list hits logged?
I've got a whopper of a headache and can't read through the indexes in all those manuals very well today................