Log Actions
This setting defines when Media Encryption & Port Protection
A component on Endpoint Security Windows clients. This component protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on). Acronym. MEPP. creates log entries when a storage device is attached to an endpoint computer. You can select one of these predefined log actions:
|
Action |
Description |
|---|---|
|
Do not log security events |
Disable all log entries. |
|
Log only critical events |
Create log entries only for events that are classified as critical. |
|
Log critical and security events |
Create log entries only for events that are classified as critical or security events. |
|
Log all events |
Create log entries for all events. |
You cannot define custom log actions.
This table shows the applicable Media Encryption & Port Protection events and their severity classification.
|
Event ID |
Description |
Classification |
|---|---|---|
|
3 |
Policy update completed successfully |
Low |
|
7 |
Device authorization successful |
Low |
|
8 |
Device authorization failed |
Critical |
|
11 |
Device access is blocked when attached to the endpoint computer |
Critical |
|
15 |
Encrypted storage created successfully |
Low |
|
16 |
Encrypted storage device removed |
Critical |
|
20 |
Device is attached to an endpoint computer and access is allowed |
Security |
|
21 |
A user follows the Ask User procedure to override a rule |
Critical |
|
22 |
A users does not follow the Ask User procedure to override a rule |
Critical |
|
23 |
A storage device file operation is blocked |
Critical |
|
24 |
A storage device file operation is allowed |
Security |
You can define different log settings for Defining Exceptions for Devices .
Log entries are initially stored on client computers and then uploaded to the server at predefined intervals.