
Where do we get logs for deleted application-related files?

Created: 08 Jul 2013 • Updated: 10 Jul 2013 | 11 comments
deepaknk's picture
This issue has been solved. See solution.

Where do we get logs for deleted application-related files (for example: .exe, .dll) in the Symantec client interface?


Rafeeq's picture

Like what Symantec deleted? Can you explain it a little more?

deepaknk's picture

Hi Rafeeq,

I mean any application-related files which we install on the system, like .dll and .exe files. They are extracted into our system's Program Files. Sometimes Symantec detects them as malicious and deletes or interrupts them, so our application stops working. After that, which logs should we refer to for more details?

Beppe's picture

Hello,

Things detected as malicious are logged in the risk logs, under virus and spyware protection logs.

Regards,

Giuseppe

deepaknk's picture

Does that mean Symantec never deletes any file from an installed program?

Suppose Symantec interrupts a .dll file and the application stops working; where can we find the logs related to that application?

Beppe's picture

Hello,

As you can see once you click "view logs" in the SEP client UI, logs are organized by SEP feature, not by the blocked application. If you suspect something has been blocked by the Antivirus, you will find it logged in the Virus protection logs; if you believe it has been blocked by the firewall, you will find it in the Network protection logs, and so on.

Regards,

Giuseppe

Rafeeq's picture

As Beppe mentioned, it will be in the Risk logs. If Symantec falsely identified any genuine file, then submit it for false positive.

https://submit.symantec.com/false_positive/

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Network Threat Protection logs collect information about intrusion prevention. They also contain information about the connections that were made through the firewall (traffic), the registry keys, files, and DLLs that are accessed. They contain information about the data packets that pass through the computers. The operational changes that were made to computers are also logged in these logs. This information may include when services start and stop or when someone configures software. Among the other types of information that may be available are items such as the time and the event type and the action taken. It can also include the direction, host name, IP address, and the protocol that was used for the traffic involved. If it applies to the event, the information can also include the severity level. 

Reference: About Network Threat Protection reports and logs

http://www.symantec.com/docs/TECH95542

About log types

http://www.symantec.com/docs/HOWTO27271

About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538


Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

deepaknk's picture

Thanks to all who replied to this article.

SOLUTION
.Brian's picture

Have you received the solution to your question? If so, please mark the appropriate thread as solved so it can benefit future users who may have the same questions.

Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

What was your solution??


deepaknk's picture

If Symantec falsely identified any genuine file, then submit it for false positive.

https://submit.symantec.com/false_positive/