Device control - Full access logs

Hi,

For audit purposes I need to check the logs of device control exemptions, but in Events or Reports there are only the "Block" or "Read Only" types. And I need the "Full access" log exemptions.

Is there any way to get these logs?

Thanks in advance.

  • Hello CL,

    only Block/Read Only events are sent to SEC and AFAIK an endpoint's regular logs also don't contain "Full access" actions (to be exact these are no-actions as the device simply isn't blocked) except when a policy change unblocks a device.

    What exactly do you need? The information that an exempted device has been permitted which would otherwise have been blocked (please note that this would not mean that the device has actually been used)?

    Christian

  • Hello QC,

    Since the exceptions are created by groups, I need to make a periodic review to validate that the Full Access devices are being connected only to the computer that was requested.

    Any suggestions on how to accomplish this?

  • Hello CL,

    I see. Now I don't think that Windows provides a log of all device inserts. Guess you'd need an extra tool which does this ...

    Christian 
