EMEA Endpoint Management and Mobility Group (EMM)

Where we get logs for application related deleted file ( example: .exe, .dll ) in Symantec client interface.

Like what symantec deleted? can you explain it little more?

Hi Rafeeq,

Means, any application related which we install in system like .dll , .exe files . it extract in our system program files. Sometimes symantec detect it malicious and delete it or interrupt it so our application is stop working. After that what logs we want to refer for more details.

Hello,

things detected as malicious are logged in the risk logs, under virus and spyware protection logs.

Means Symantec never delete any file from installed program?

If suppose Symantec interrupt any .dll file and application stop working than that application related  logs where we can find ?

As Beppe mentioned it will be in Risk logs. If symantec falsely identified any genuine file then submit it for false positive.

https://submit.symantec.com/false_positive/

Hello,

as you can see once you click "view logs" in the SEP client UI, logs are organized by SEP feature, not by the blocked application. If you suspect something has been blocked by the Antivirus, you will find it logged in the Virus protection logs, if you believe it has been blocked by the firewall, you find it in the Network protection logs and so on.

Hi,

Thank you for posting in Symantec community.

Network Threat Protection logs collect information about intrusion prevention. They also contain information about the connections that were made through the firewall (traffic), the registry keys, files, and DLLs that are accessed. They contain information about the data packets that pass through the computers. The operational changes that were made to computers are also logged in these logs. This information may include when services start and stop or when someone configures software. Among the other types of information that may be available are items such as the time and the event type and the action taken. It can also include the direction, host name, IP address, and the protocol that was used for the traffic involved. If it applies to the event, the information can also include the severity level. 

Reference: About Network Threat Protection reports and logs

http://www.symantec.com/docs/TECH95542

About log types

http://www.symantec.com/docs/HOWTO27271

 About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538

Thanks to all who reply this artical

Have you received the solution to your question? If so, please mark the appropriate thread as solved so it can benefit future users who may have the same questions.

Brian

What was your solution??

 If symantec falsely identified any genuine file then submit it for false positive.

https://submit.symantec.com/false_positive/