Where does the SEPM client keep its logs when it is disconnected from the server?

Nel Ramos wrote:

Hi Team,

If a computer is disconnected from the SEPM server, it cannot send its risk logs...
Only once it is connected again can the SEPM server get its logs and then report via the console whether a risk has been found.

Where does the SEPM client keep its monitoring logs, for example virus infections?

Thanks.

Paul Mapacpac wrote:

Re

The most detailed log is found on the client itself. Open the SEP GUI, then click Logs. You will see all the logs there: Risk, System logs, etc.

Nel Ramos wrote:

Hi Paul..
What I mean is, is there a way to know where SEPM keeps the virus logs? Files?
Thanks...

Nel Ramos

Paul Mapacpac wrote:

Re

If I remember correctly, it should be in the %SystemDrive%\Documents and Settings\All Users\Symantec folder. Go into the folders inside, but I am not sure if you can view these logs with Notepad.

Nel Ramos wrote:

And if these files were to be erased by a client, will it no longer report to the server once connected?
Just checking some vulnerabilities here...
Thanks...
And by the way.. the file? I hope you can still remember it, Sir..
Thanks..

Nel Ramos

pete_4u2002 wrote:

Hi,
Yes: if the client logs are deleted while offline, then the moment the SEP client next connects to SEPM, only the logs that still exist will be processed.

And by the way.. the file? I believe this is the file Paul was referring to: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs

cheers

Pete

Paul Mapacpac wrote:

Re

Hi Nel, you can check the permissions set on this folder or file. I believe it's SYSTEM, but please double check.

Bijay.Swain wrote:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs

This is the actual location of the client's log files. They are kept in a date-wise format. You can also delete the logs from here.
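The two checks the thread asks for, namely where the client log files are and who can delete them, as an added PowerShell example that is not part of the thread or of Symantec's tooling. It assumes the XP-era path given above; on Vista and later the same data lives under %ProgramData% (that second path and the version-specific subfolders on newer SEP releases are assumptions, so adjust for your build). The ACL check lists every Allow entry that carries Write or Delete rights and warns when it belongs to a non-admin principal, which is exactly the condition under which a local user could wipe the logs before the client reconnects to SEPM:

```powershell
# Added example (not from the thread): locate the SEP client log folder, list the
# date-named .log files, and show which principals could modify or delete them.
$candidates = @(
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs',
    "$env:ProgramData\Symantec\Symantec Endpoint Protection\Logs"   # assumed Vista+ location
)
$logDir = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $logDir) {
    Write-Warning 'SEP client log folder not found at any of the candidate paths'
    return
}
Write-Host "Log folder: $logDir"

# The thread says the logs are .log files kept per date; list them oldest first.
Get-ChildItem -LiteralPath $logDir -Recurse -Filter *.log |
    Sort-Object LastWriteTime |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# Any Allow ACE with Write, Delete or DeleteSubdirectoriesAndFiles lets the holder
# remove or truncate logs (FullControl and Modify include these bits).
$dangerous = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles

$acl = Get-Acl -LiteralPath $logDir
$canDelete = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and (($_.FileSystemRights -band $dangerous) -ne 0)
}
$canDelete | Select-Object IdentityReference, FileSystemRights, IsInherited | Format-Table -AutoSize

# Flag the case the thread worries about: a standard user able to erase the logs.
$nonAdmin = $canDelete | Where-Object {
    $_.IdentityReference.Value -match '\\(Users|Everyone|Authenticated Users)$|^Everyone$'
}
if ($nonAdmin) {
    Write-Warning "Non-administrative principals can modify or delete logs in $logDir"
} else {
    Write-Host 'Only SYSTEM/Administrators-style principals hold write or delete rights here.'
}
```

Run it from an elevated prompt so Get-Acl can read the folder's security descriptor; if the warning fires, the client-side logs are not a trustworthy record once the machine has been offline, and the console only ever sees what survives until reconnection.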

Nel Ramos wrote:

Thanks all for the feedback...
Could a client alter the files in the logs so as to prevent the SEPM client from reporting to the SEPM server once it is connected to the network again?
They might delete the contents, thus making the SEPM client report nothing...
Thanks

Nel Ramos

Paul Mapacpac wrote:

Re

If I remember correctly, if you allow the user to have access to the Logs button, then they can delete the logs.

Nel Ramos wrote:

Thanks..
Good to know that..
What file extensions might the logs possibly have?
Thanks..

Nel Ramos

Paul Mapacpac wrote:

Re

I believe it's .log

Sandeep Cheema wrote:

Analysis

And this is how you would interpret the logs if you had to:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002111911231448
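The part of the linked KB article that trips people up first is the timestamp: each record starts with a 12-hex-digit field rather than a readable date. The following added PowerShell example (not from the thread or from Symantec) decodes it. It assumes the encoding the KB describes, YYMMDDHHMMSS as six hex byte values with year = YY + 1970 and a zero-based month; the sample record is constructed for illustration and its later fields are not claimed to match any particular SEP event layout:

```powershell
# Added example (not from the thread): decode the hex timestamp that begins each
# line of a SEP/SAV client log and split the remaining comma-separated fields.
function ConvertFrom-SepLogTime {
    param([Parameter(Mandatory)][string]$Hex)
    # Assumed encoding (per the linked KB): YY MM DD HH MM SS, each a hex byte,
    # year offset from 1970, month zero-based.
    if ($Hex -notmatch '^[0-9A-Fa-f]{12}$') {
        throw "Not a 12-hex-digit SEP timestamp: '$Hex'"
    }
    $b = 0..5 | ForEach-Object { [Convert]::ToInt32($Hex.Substring($_ * 2, 2), 16) }
    New-Object DateTime -ArgumentList (1970 + $b[0]), ($b[1] + 1), $b[2], $b[3], $b[4], $b[5]
}

function ConvertFrom-SepLogLine {
    param([Parameter(Mandatory)][string]$Line)
    # SEP log records are comma-separated; only the first field is decoded here,
    # the rest are returned raw for the reader to map against the KB's field list.
    $fields = $Line -split ','
    [pscustomobject]@{
        Time      = ConvertFrom-SepLogTime $fields[0]
        RawHex    = $fields[0]
        FieldCount = $fields.Count
        Fields    = $fields[1..($fields.Count - 1)]
    }
}

# Constructed sample records (illustrative values, not real detection data).
$sampleLines = @(
    '200A13080122,5,1,1,WORKSTATION01,user1,EICAR Test String,C:\temp\eicar.com',
    '2B0001173B00,3,2,1,WORKSTATION01,SYSTEM,,'
)
foreach ($line in $sampleLines) {
    ConvertFrom-SepLogLine $line | Format-List
}

# Typical use against a real client log folder (path from the thread):
# Get-Content 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\*.log' |
#     ForEach-Object { ConvertFrom-SepLogLine $_ } | Sort-Object Time
```

The function rejects anything that is not exactly twelve hex digits, so a truncated or hand-edited line (the tampering scenario raised earlier in the thread) throws instead of silently yielding a wrong date; when triaging an offline machine, a gap or an out-of-order run of timestamps in the date-named files is itself worth noting.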

Nel Ramos wrote:

Thanks for the help...

Nel Ramos