Endpoint Protection

  • 1.  How to monitor USB drive activity with application device rule

    Posted Dec 29, 2016 11:41 AM

    Hello,

    I would like to set up a rule to monitor (log only) USB drive usage on Windows machines with SEP 12.1.6 MP5 clients. I've added a rule to the Application and Device Control policy / Application Control with Process Match: * and Only match processes running from the following device types: Removable Drive. Conditions added to the rule are:

    File and Folder Access Attempts and Launch Process Attempts.

    The rule doesn't seem to be working as there is nothing in the logs for Application and Device Control / Application Control.

    What am I missing?

    Thanks

    Alex

     



  • 2.  RE: How to monitor USB drive activity with application device rule
    Best Answer

    Posted Dec 29, 2016 11:46 AM

    There is already a default rule: [AC5-1.1] Log Writing to USB drives

    Have you looked at this rule to use it instead?



  • 3.  RE: How to monitor USB drive activity with application device rule

    Posted Dec 29, 2016 02:28 PM

    I have not. How do I enable it please?



  • 4.  RE: How to monitor USB drive activity with application device rule

    Posted Dec 29, 2016 02:30 PM

    In the policy put a checkbox next to it and make sure it is set to Test (log only) and save the policy. Apply the policy to whatever groups you need.