Video Screencast Help
As we strive to continually improve your experience on our site, please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points! * Take the survey.

Enhanced Application and Device Control Logging

Created: 25 Feb 2013
jgellner's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

We have an Application and Device control rule setup to monitor all processes (*) that launch cmd.exe and the action is set to Allow and also to Enable Logging.

When SEP 12.1 logs the launch, it only identifies “C:\windows\system32.cmd.exe” as the target, but it fails to include the ‘command’ which is really “c:\windows\system32\cmd /c ping -n 10 localhost && del "c:\lights_round_requires.exe".

We would like to have the logs be more verbose in the target field portion to include the actual arguments passed to cmd.exe.