Kaspersky Endpoint Security 10 for Windows

Adding or excluding records to or from the event log

22 December 2022

ID 134053

Event logging is available only for operations with files on removable drives.

To enable or disable event logging:

  1. Open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select the Device Control subsection.

    In the right part of the window, the settings of the Device Control component are displayed.

  3. In the right part of the window, select the Types of devices tab.

    The Types of devices tab contains access rules for all devices that are included in the classification of the Device Control component.

  4. Select Removable drives in the table of devices.

    The Logging button becomes available in the upper part of the table.

  5. Click the Logging button.

    This opens the Logging Settings window.

  6. Do one of the following:
    • If you want to enable logging of file deletion and write operations on removable drives, select the Enable logging check box.

      Kaspersky Endpoint Security will save an event to the log file and send a message to the Kaspersky Security Center Administration Server whenever the user performs write or delete operations with files on removable drives.

    • Otherwise, clear the Enable logging check box.
  7. Specify which operations must be logged. To do so, perform one of the following:
    • If you want Kaspersky Endpoint Security to log all events, select the Save information about all files check box.
    • If you want Kaspersky Endpoint Security to log only information about files of a specific format, in the Filter on file formats section, select the check boxes opposite the relevant file formats.
  8. Specify the users whose actions Kaspersky Endpoint Security must log as events. To do so:
    1. In the Users section, click the Select button.

      The standard Select Users or Groups window in Microsoft Windows opens.

    2. Specify or edit the list of users and/or groups of users.

    When the users specified in the Users section write to files located on removable drives or delete files from removable drives, Kaspersky Endpoint Security will save information about such operations to the event log and send a message to the Kaspersky Security Center Administration Server.

  9. In the Logging settings window, click OK.
  10. To save changes, click the Save button.

You can view events associated with files on removable drives in the Kaspersky Security Center Administration Console in the workspace of the Administration Server node on the Events tab. For events to be displayed in the local Kaspersky Endpoint Security event log, you must select the File operation performed check box in the notification settings for the Device Control component.
