Hello,
I have the Symantec Data Center Security 6.7 mp2 version installed with 350 servers (DNS, IIS, DB, etc.). Now I have to tune the policies because I have too many logs that belong to C:\Windows\System32 (conhost, lsass, cmd, etc.).
Does anyone know if there is a way or a solution to exclude logs or, in my case, allow all modifications to system32?
Or should I first analyze every log and put exceptions one by one in each sandbox?
Thanks community!