Information is required about the various Application and Device Control reports and logs.
About the information in the Application Control and Device Control reports and logs
Application Control and Device Control logs and reports contain information about the following types of events:
- Access to a computer entity was blocked
- A device was kept off the network

Files, registry keys, and processes are examples of computer entities. The information that is available includes items such as the time and the event type, the action taken, the host, and the rule involved. It also contains the caller process that was involved. These logs and these reports include information about the Application and Device Control Policies and Tamper Protection.

The table below describes some typical uses for the kind of information that you can get from Application Control and Device Control reports and logs.

|Report or log|Typical uses|
|---|---|
|Top Groups with most Alerted Application Control Logs|Use this report to check which groups are most at risk in your network.|
|Top Targets Blocked|Use this report to check which files, processes, and other entities are used most frequently in attacks against your network.|
|Top Devices Blocked|Use this report to find out which devices are the most problematic from the standpoint of compromising your network's security.|
|Application Control log|Use this log to see information about the following entities: the actions that were taken in response to events; the processes that were involved in the events; the rule names that were applied from the policy when an application's access is blocked.|
|Device Control log|Use this log when you need to see Device Control details, such as the exact time that Device Control enabled or disabled devices. This log also displays information such as the name of the computer, its location, the user who was logged on, and the operating system involved.|