Viewing Events

Endpoint Security allows you to monitor activities related to storage and peripheral devices as events and, if required, change the device details and status. For example, you can correct the status if a device that should be allowed was blocked, or vice versa.

| Column | Description |
|---|---|
| Event Time | Date and time when the device was connected to the endpoint. |
| Status | Whether the device was blocked or allowed. |
| Device Name | Name of the device. |
| Device Type | Type of device. |
| Category | Category of the device. |
| Serial Number | Serial number of the device. |
| User Name | Name of the user. |
| Computer Name | Name of the computer. |

To modify the device details and status:

  1. Click Asset Management > Media Devices > Events.
  2. Right-click the event and select Exclude.

    The Device Override Settings window opens.

  3. Enter these:
    • Name - Enter a unique device display name, which cannot contain spaces or special characters (except for the underscore and hyphen characters).

    • Applies to - This setting is valid for peripheral devices only.

    • Connection Type - Select the connection type: Internal, External, or Unknown (required).

    • Category - Select a device category from the list.

    • Serial Number - Enter the device serial number. You can use wild card characters in the serial number to apply this device definition to more than one physical device. See Using Wild Card Characters.

    • Extra Information - Configure whether the device shows as a fixed disk device (Hard Drive with Master Boot Record), a removable device (Media without Master Boot Record), or None.

    • Device ID Filter - Enter a filter string that identifies the device category (class). Devices are included in the category when the first characters in a Device ID match the filter string. For example, if the filter string is My_USB_Stick, these devices are members of the device category:

      • My_USB_Stick_40GB

      • My_USB_Stick_80GB

    • Supported Capabilities:

      • Log device events - Select this option to create a log entry when this device connects to an endpoint computer (Event ID 11 or 20 only).

      • Allow encryption - Select this option if the device can be encrypted (storage devices only).

  4. Assign Groups (relevant for storage devices only):
    1. To assign the device to an existing group, from the existing group list, select a group.

    2. To assign the device to a new group, in the create a new group field, enter the new group name.

    3. If you do not want to add the device to any group, select do not add to group.

  5. Configure the required Read Policy and Write Policy (relevant to storage devices only).

    For more information on the configuration options, see Configuring the Read Action and Configuring the Write Action.

  6. Define Behavior (relevant for peripheral devices only):
    1. From the Rule(s) list, select a rule.

    2. From the Access type list, select Accept or Block.

    3. From the Log type list, select a log.

    4. Add details in the Description field.

  7. Click Finish.
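
The Name rule and the Device ID Filter prefix rule from step 3, as an added example (not Check Point code): it previews which devices a candidate filter string would pull into the category, so an overly broad filter is caught before the override is saved. The sample inventory, the field names, the ASCII-only reading of the Name rule, and case-sensitive comparison are assumptions.

```python
import re

# Assumption: "no spaces or special characters" means ASCII letters, digits,
# underscore and hyphen only.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample inventory; Device ID values and field names are illustrative.
EVENTS = [
    {"device_id": "My_USB_Stick_40GB", "status": "Blocked", "computer": "PC-01"},
    {"device_id": "My_USB_Stick_80GB", "status": "Blocked", "computer": "PC-02"},
    {"device_id": "My_USB_Stick_Pro_1TB", "status": "Blocked", "computer": "PC-07"},
    {"device_id": "My_USB_Hub_4Port", "status": "Allowed", "computer": "PC-02"},
    {"device_id": "Other_USB_Stick_40GB", "status": "Blocked", "computer": "PC-03"},
]


def valid_display_name(name):
    """True if the display name satisfies the Name rule in step 3."""
    return bool(NAME_RE.fullmatch(name))


def devices_in_category(filter_string, events):
    """Device IDs whose first characters match the filter string (prefix match).

    Assumption: the comparison is case-sensitive.
    """
    if not filter_string:
        return []  # an empty prefix would match every Device ID; refuse it here
    return sorted({e["device_id"] for e in events
                   if e["device_id"].startswith(filter_string)})


def unexpected_matches(filter_string, intended, events):
    """Devices the filter would cover that the administrator did not intend."""
    return [d for d in devices_in_category(filter_string, events)
            if d not in intended]


if __name__ == "__main__":
    intended = {"My_USB_Stick_40GB", "My_USB_Stick_80GB"}
    for candidate in ("My_USB_Stick", "My_USB"):
        print(candidate, "->", devices_in_category(candidate, EVENTS))
        print("  not intended:", unexpected_matches(candidate, intended, EVENTS))
```

Shortening the filter from My_USB_Stick to My_USB also captures the hub in the sample data, which is the kind of widening to check for before applying an exclusion.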