This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device control - Full access logs

Hi,

For audit purpose I need to check the logs of device control exemptions, but in Events or Reports there are only the "Block" or "Read Only" type. And I need the "Full access" log excemtions.

Is there any way to get these logs?

Thanks in advance.

This thread was automatically locked due to age.

Parents

0 QC over 10 years ago

Hello CL,
only Block/Read Only events are sent to SEC and AFAIK an endpoint's regular logs also don't contain "Full access" actions (to be exact these are no-actions as the device simply isn't blocked) except when a policy change unblocks a device.
What exactly do you need? The information that an exempted device has been permitted which would otherwise have been blocked (please note that this would not mean that the device has actually been used)?
Christian
:55597
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 10 years ago

Hello CL,
only Block/Read Only events are sent to SEC and AFAIK an endpoint's regular logs also don't contain "Full access" actions (to be exact these are no-actions as the device simply isn't blocked) except when a policy change unblocks a device.
What exactly do you need? The information that an exempted device has been permitted which would otherwise have been blocked (please note that this would not mean that the device has actually been used)?
Christian
:55597
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data