Which logs to check to find out which policy was changed on which group
Scenario: An Administrator logs into the Symantec Endpoint Protection Manager Console and removes a Global Exception Policy from all groups defined with the SEPM, causing several mission-critical applications to stop functioning.
The Audit log generated from SEPM > Monitors > Logs > Log Type > Audit Log has the following information:
Event type: Policy edited
Description: Update shared Antivirus Policy: Antivirus and Antispyware policy - High Security
Time: 08/25/2011 06:27:24
Policy: Antivirus and Antispyware policy - High Security
It would be helpful for Administrators if the Audit log had details about the exact changes that were made, for example: what change was made to the policy (Withdrawn, Deleted, Edited, Assigned to another Group, Policy Replaced with which policy) and what Policy configurations were changed (options selected/deselected, checkboxes checked/unchecked, etc.). At present SEPM does not provide enough detailed information for this type of activity.
Request: Need a log that provides more detailed information about policy changes.