Enhanced Application and Device Control Logging

Created: 25 Feb 2013
jgellner

We have an Application and Device Control rule set up to monitor all processes (*) that launch cmd.exe, and the action is set to Allow and also to Enable Logging.

When SEP 12.1 logs the launch, it only identifies “C:\windows\system32.cmd.exe” as the target, but it fails to include the ‘command’, which is really “c:\windows\system32\cmd /c ping -n 10 localhost && del "c:\lights_round_requires.exe"”.

We would like to have the logs be more verbose in the target field portion to include the actual arguments passed to cmd.exe.

Thanks,

Jeff