
Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

Created: 19 Jun 2013 • Updated: 20 Jun 2013 | 6 comments
This issue has been solved. See solution.

I'm working on creating some Application and Device Control policies that can monitor the USB drives that are plugged into machines.  I'm hoping that I may be able to record the Device IDs of the USB Drives so that if necessary I can add blocks to the Application and Device Control Policy.  However I'm currently having an issue with testing in terms of locating where this information is saved.  So for instance at the moment I have a policy in place to block a specific USB Device and it appears to be working.  I can check the SEP Client Logs and under Security Log - Client Management Logs I actually see the event of the USB Device being blocked.  What I'm interested in now is locating these entries in the SEPM.  I think I've checked all of the Monitors -> Logs with no luck.  Is anyone familiar with where this is located?  Also is it possible to record the Device IDs for all plugged in devices?  It would be nice for management of restricting infected devices.

Thanks,

Mike


Brɨan's picture

The Device IDs are not recorded. This has been a sticking point for some time now.

You would need to use DevViewer on a client to get the Device ID.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
raju123's picture

You won't be able to record the Device ID.

Use the DevViewer tool to block it.

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection
Article:TECH103401  |  Created: 2007-01-19  |  Updated: 2011-12-28  |  Article URL http://www.symantec.com/docs/TECH103401
SameerU's picture

Hi

You need to use the DevViewer tool to take the Device ID.

In SEP 12.1 the tool is incorporated in the SEP client itself

Regards

Ambesh_444's picture

Hi,

Agreed with above comments.

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH103401

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

SEP_FMI's picture

Do the logs found under Client Management -> Security Logs on the SEP Client get recorded back in the SEPM?  If so where do they get recorded?  I'm assuming the answer is no since this log appears to have the Device ID information in it.

SEP_FMI's picture

One last thing to note from additional testing that I just found.  There is a way to record the Device ID through the SEPM.  If a USB device writes or reads on a machine with a SEP client, this data will be logged in the Application and Device Control -> Application Logs.  Highlight one of the entries and click on Details and scroll to the bottom.  It will show you the Device ID.  You can then record that device and add it to whatever restriction policies you may have.