Video Screencast Help

Need to track the logs of changed SEPM policy.

Created: 15 May 2012 • Updated: 15 May 2012 | 2 comments
Annik SAT's picture
3 Agree
0 Disagree
+3 3 Votes
Login to vote

I need to know the details of that perticular user who have chenged which existing symantec policy and when?



Comments 2 CommentsJump to latest comment

pete_4u2002's picture

In SEPM -Reports- Quick Reports -Audit , this will show the policy change and the user made it

Audit The Audit report contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.

Login to vote
JUSTICE's picture

@Annik SAT: I would advise and recommend the Logon Banner text reflect that: "WARNING: AUDIT LOGGING IS ENABLED" of which any SEPM admin (or one entrusted with their creds to login - System Administrator, Administrator and Limited Administrator) should know their actions are monitored. Are you aware of: Which administrator activities are logged in the Symantec Endpoint Protection Manager console?(Article: TECH141668)

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama

Login to vote