Endpoint Protection

  • 1.  Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

    Posted Jun 19, 2013 06:12 PM

    I'm working on creating some Application and Device Control policies that can monitor the USB drives that are plugged into machines.  I'm hoping that I may be able to record the Device IDs of the USB Drives so that if necessary I can add blocks to the Application and Device Control Policy.  However I'm currently having an issue with testing in terms of locating where this information is saved.  So for instance at the moment I have a policy in place to block a specific USB Device and it appears to be working.  I can check the SEP Client Logs and under Security Log - Client Management Logs I actually see the event of the USB Device being blocked.  What I'm interested in now is locating these entries in the SEPM.  I think I've checked all of the Monitors -> Logs with no luck.  Is anyone familiar with where this is located?  Also is it possible to record the Device IDs for all plugged in devices?  It would be nice for management of restricting infected devices.

     

    Thanks,

    Mike



  • 2.  RE: Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?
    Best Answer

    Posted Jun 19, 2013 07:46 PM

    The Device IDs are not recorded. This has been a sticking point for some time now.

    You would need to use DevViewer on a client to get the Device ID.



  • 3.  RE: Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

    Posted Jun 19, 2013 11:26 PM

    You can't record the Device ID.

    Use the DevViewer tool to block it.

    DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

    Article:TECH103401  |  Created: 2007-01-19  |  Updated: 2011-12-28  |  Article URL http://www.symantec.com/docs/TECH103401

     



  • 4.  RE: Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

    Posted Jun 20, 2013 12:22 AM

    Hi

    You need to use the DevViewer tool to get the Device ID.

    In SEP 12.1 the tool is incorporated in the SEP client itself.

    Regards

     



  • 5.  RE: Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

    Posted Jun 20, 2013 12:35 AM

    Hi,

    Agreed with the above comments.

    DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

    http://www.symantec.com/business/support/index?page=content&id=TECH103401

     



  • 6.  RE: Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

    Posted Jun 21, 2013 10:59 AM

    Do the logs found under Client Management -> Security Logs on the SEP Client get recorded back in the SEPM?  If so, where do they get recorded?  I'm assuming the answer is no since this log appears to have the Device ID information in it.



  • 7.  RE: Where does the SEP 12 Client Security Log - Client Management Logs show up in SEP Manager?

    Posted Jun 21, 2013 02:38 PM

    One last thing to note from additional testing that I just found.  There is a way to record the Device ID through the SEPM.  If a USB device writes or reads on a machine with a SEP client, this data will be logged in the Application and Device Control -> Application Logs.  Highlight one of the entries, click on Details, and scroll to the bottom.  It will show you the Device ID.  You can then record that device and add it to whatever restriction policies you may have.