Where to review Intrusion Prevention events logged on the Symantec Endpoint Protection Manager and Client?
search cancel

Where to review Intrusion Prevention events logged on the Symantec Endpoint Protection Manager and Client?

book

Article ID: 177816

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Where are Intrusion Prevention events logged on the Symantec Endpoint Protection Client and Symantec Endpoint Protection Manager?

Symptoms
You have received a notification on the client that traffic is being blocked and would like to know where this information is logged on the Symantec Endpoint Protection Client and Symantec Endpoint Protection Manager.

Resolution

Symantec Endpoint Protection Client

  1. Logs can found by opening the Symantec Endpoint Protection Client Gui
  2. Select View Logs button on the GUI
  3. Select the Client Management View Logs button
  4. Select Security Log from the list

Symantec Endpoint Protection Manager

  1. Logs can be found by selecting the Monitors page
  2. Select the Logs tab
  3. For "Log type:" select Network and Host Exploit Mitigation
  4. Set "Log content:" to Attacks 
  5. Select Additional Settings
  6. Set "Event Type:" to Intrusion Prevention
  7. Click View Log to view results

 

 

Powered by Wolken Software