Endpoint Protection

  • 1.  SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Nov 30, 2011 07:55 PM

    Running SEP 12.1

    Is it possible to have the logs that are accessible under Monitor --> Logs be available as a scheduled report?

    Specifically, I'd like the Monitors --> Logs --> Application and Device Control --> Application Control (and Device Control) logs to be available as a report to get sent weekly to an administrator account.

    The canned reports for App/Dev control are horrible - there is no detail whatsoever.

    Currently, a user must log in to the SEPM and manually run the Monitor --> Logs report(s).  This is inconvenient at best, and often missed/overlooked/forgotten.

    Thanks.



  • 2.  RE: SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Nov 30, 2011 09:25 PM

    Hi,

    If you have blocked the USB using ADC policy, you should ENABLE the logging in the policy.

    It should show up in the PTP system log .....



  • 3.  RE: SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Nov 30, 2011 10:57 PM

    Check this article, this might help:

    http://www.symantec.com/business/support/index?page=content&id=TECH131125

    The activity logged can be found in:
    - SEP Client > View Logs > Client Management > View Log > Control Log
    - The console of Symantec Endpoint Protection Manager (SEPM) > Monitors > Logs > Application and Device Control > Application Control



  • 4.  RE: SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Dec 01, 2011 09:06 AM

    As my OP mentioned, I see the logs in the SEPM. 

    My question is how to get that same information as a scheduled report delivered to the SEPM administrator(s).

     

    The Logs cannot be delivered on a schedule (that I've seen), and the Reports option does not have the same options under Application and Device Control.



  • 5.  RE: SEPM Report for USB disk activity logged



  • 6.  RE: SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Dec 01, 2011 09:55 PM

    Hi, 

    Check this article for logging the USB activity:

    http://www.symantec.com/docs/TECH131125

    I think this will help ...



  • 7.  RE: SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Dec 02, 2011 12:37 PM

    Thanks for the links, but as I have stated twice now, I see the logs under the MONITOR --> LOGS option.  I am getting logged info on USB activity. 

    How can I generate the same DATA which I am able to view in the log EMAILED as a REPORT on a SCHEDULE?  None of the links specify how to accomplish this task.

    Thanks for your help. 



  • 8.  RE: SEPM Report for USB disk activity logged
    Best Answer

    Broadcom Employee
    Posted Dec 02, 2011 12:53 PM

    Solution


    1. Connect to SEPM

    2. Go to "Monitors"

    3. Go to "Notifications" tab

    4. Click on "Notification Conditions" button at the bottom of the console

    5. Click on "Add..." and select "Client Security Alert"

    6. In the top of the new window, specify condition name, filtering settings (optional) and outbreak type

    7. Check "Application Control Events"

    8. Specify condition and damper settings

    9. Check "Send email to:" and type email address to use

    10. Validate

    NOTE: More details regarding each setting are available by clicking on the "Help" button at the bottom of the window.



  • 9.  RE: SEPM Report for USB disk activity logged

    Broadcom Employee
    Posted Dec 02, 2011 05:22 PM

    Perfect!!

    That will work for our needs.  A report would be ideal, but this will meet the requirements.