Information is required about the various Application and Device Control reports and logs.

About the information in the Application Control and Device Control reports and logs

Application Control and Device Control logs and reports contain information about the following types of events:

• Access to a computer entity was blocked
• A device was kept off the network

Files, registry keys, and processes are examples of computer entities. The information that is available includes items such as the time and the event type; the action taken; the host, and the rule involved. It also contains the caller process that was involved. These logs and these reports include information about the Application and Device Control Policies and Tamper Protection.

The table below describes some typical uses for the kind of information that you can get from Application Control and Device Control reports and logs.



Report or log	Typical uses
Top Groups with most Alerted Application Control Logs	Use this report to check which groups are most at risk in your network.
Top Targets Blocked	Use this report to check which files, processes, and other entities are used most frequently in attacks against your network.
Top Devices Blocked	Use this report to find out which devices are the most problematic from the standpoint of compromising your network's security.
Application Control log	Use this log to see information about the following entities: The actions that were taken in response to events The processes that were involved in the events The rule names that were applied from the policy when an application's access is blocked
Device Control log	Use this log when you need to see Device Control details, such as the exact time that Device Control enabled or disabled devices. This log also displays information such as the name of the computer, its location, the user who was logged on, and the operating system involved.

References
About the different types of Symantec Endpoint Protection Manager Reports