Endpoint Protection

Hi

We are using SEP 12.1.4 and need to configure the notification whenever the USB is inserted in any client whatever would be the policies assigned.

I have followed the below steps to configure the same, but unfortunately not able to get the notification of the same.

Open and login to the SEPM

Click Monitors

Click Notifications

Click Notification Conditions

Click Add

Select Client security alert

check out the required option(Device Control events) under "What settings would you like for this notification?"

Set the notifcation condition

Regards

Checked few discussion seems like its possible.

And the clients have ADC component enabled? did you for the client to update the logs? clients in pull mode or push mode?

- Is the ADC policy assigned to the client correctly and enabled?

- do you have "Log detected devices" option enabled in th ADC Policy?

Hi

Yes i have ADC polices configured

Also have "Log detected devices" option enabled

Regards

Try the following (if ADC policy is properly enabled):

• Outbreak type: Occurrences on any computer
• Enable "Application Control events"
• Notification condition: 1 (at least for testing, or you won't get too many notifications) within 1 minutes
• Damper: Auto. For testing, disable damper ("none") to get more messages. Damper means that the client won't send notifications after the initial sending during the damper period (Auto = 60 minutes).
• Enable "Log the notification" so that notifications are saved at all.