This setting defines when Media Encryption & Port Protection creates log entries when a storage device is attached to an endpoint computer. You can select one of these predefined log actions:
Action |
Description |
---|---|
Do not log security events |
Disable all log entries. |
Log only critical events |
Create log entries only for events that are classified as critical. |
Log critical and security events |
Create log entries only for events that are classified as critical or security events. |
Log all events |
Create log entries for all events. |
You cannot define custom log actions.
This table shows the applicable Media Encryption & Port Protection events and their severity classification.
Event ID |
Description |
Classification |
---|---|---|
3 |
Policy update completed successfully |
Low |
7 |
Device authorization successful |
Low |
8 |
Device authorization failed |
Critical |
11 |
Device access is blocked when attached to the endpoint computer |
Critical |
15 |
Encrypted storage created successfully |
Low |
16 |
Encrypted storage device removed |
Critical |
20 |
Device is attached to an endpoint computer and access is allowed |
Security |
21 |
A user follows the Ask User procedure to override a rule |
Critical |
22 |
A users does not follow the Ask User procedure to override a rule |
Critical |
23 |
A storage device file operation is blocked |
Critical |
24 |
A storage device file operation is allowed |
Security |
You can define different log settings for specified devices.
Log entries are initially stored on client computers and then uploaded to the server at predefined intervals.