Does Symantec have or does anyone know the list of SEP v14 event ID's that would be written to the Windows event viewer?
We would like to monitor the windows event viewer logs for SEP via SCOM. Anyone monitoring it currently?
Thanks in advance for any assistance provided.
Closest they have:
I don;t see one for 14 though but maybe these will still work.
SEP has it's pwn event log source in the Windows event viewer so maybe you can pull the whole entirety and filter on what you need?
Thanks. I got some feedback from Symantec support that the event ID's change from version to version .
What I've gathered so far:
One for the SEPM: