Information is required about the various Application and Device Control reports and logs.
About the information in the Application Control and Device Control reports and logs
Application Control and Device Control logs and reports contain information about the following types of events:
- Access to a computer entity was blocked
- A device was kept off the network
Files, registry keys, and processes are examples of computer entities. The information that is available includes items such as the time and the event type, the action taken, the host, and the rule involved. It also includes the caller process that was involved. These logs and reports include information about the Application and Device Control Policies and Tamper Protection.
The table below describes some typical uses for the kind of information that you can get from Application Control and Device Control reports and logs.
Report or log: Typical uses

Top Groups with most Alerted Application Control Logs: Use this report to check which groups are most at risk in your network.

Top Targets Blocked: Use this report to check which files, processes, and other entities are used most frequently in attacks against your network.

Top Devices Blocked: Use this report to find out which devices are the most problematic from the standpoint of compromising your network's security.

Application Control log: Use this log to see information about the following entities:
- The actions that were taken in response to events
- The processes that were involved in the events
- The rule names that were applied from the policy when an application's access is blocked

Device Control log: Use this log when you need to see Device Control details, such as the exact time that Device Control enabled or disabled devices. This log also displays information such as the name of the computer, its location, the user who was logged on, and the operating system involved.