Prevent end users from changing AV log retention for SEP client
Updated: 09 Feb 2010 | 5 comments
Status: In Development
(re-posting previously requested item)
Wish to be able to lock the end user's ability to modify the local AV/AS log retention period for the local SEP client. This will ensure end users can't lower the configured period, which can cause a situation where a machine is off the network, gets infected, the AV/AS log is purged and then the machine connects to the network, thus meaning the central admin is unaware of the infection.
Comments
Log retention - for forensics
I would like to be able to set the client log and not have it editable so an end user cannot remove logs that need to be used for tracking or other forensics. I can see several reasons to let the administrator control that retention and the end user not being able to configure it.
This option should be
This option should be included with the other policies....
Regards,
Srinivas H.P.
HCL Infosystems Ltd
For clarity, the option in
For clarity, the option in question is:
The option "Delete logs older than x days"
There is no padlock against this setting, and users can change it on the client side. This brings compliance issues as users can delete log files from their PC. This was logged as tech support case 281-889-718; however, it was closed as the product is working "As designed". The solution was to disable the Client SEP GUI; however, this has other issues, e.g. how does the user perform a manual scan? How do they determine the current definitions in use? How can they see the policy serial number? etc.
Every other policy option (with the exception of Quarantine) is able to be locked down, why not this one?
g
This change is being targeted
This change is being targeted for a release later this year.
JimW
Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec
Restriction of local log retention
Jim, has this feature (locking of the local retention logs) been added to any newer revisions of SEP since your last post?
Thanks for any information, Dennis