Generating Application and Device Control reports based on MD5 blocks

Article ID: 218709

Updated On:

Products

Endpoint Protection

Issue/Introduction

Learn how to generate a report of the machines that were blocked because of an MD5 hash defined in the Application and Device Control (ADC) policy.

Environment

Release: SEP 14.x

Cause

The Symantec Endpoint Protection Manager (SEPM) does not provide a way to generate a report that shows only the clients that triggered an Application and Device Control (ADC) detection based on a process MD5 hash.

Resolution

When a client triggers an Application and Device Control detection based on an MD5 hash, the event records the Target MD5 value in the Description field. You can export the report to CSV and use Excel to display only the rows that contain certain MD5 values.

Step 1: Generate the Application Control Report and Export It to CSV

1. Click on Monitors > Logs

  • Log Type: Application and Device Control
  • Log Content: Application Control
  • Time Range: <Select the range>

Note: The available range depends on the log retention configuration. By default, old events are purged (first in, first out) after 20,000 entries or 60 days.

2. Click View log

3. Click Export to CSV

 

Step 2: Display Only Rows with a Certain MD5 Hash in Excel

1. Open the Application and Device Control report (CSV) in Microsoft Excel

2. Select the label (header) row to filter on

3. Click Data > Filter to enable the Filter function

4. Click the drop-down arrow next to the Description field. Select Text Filters > Contains

5. In the Custom AutoFilter dialog, enter the MD5 hash you want to filter on

6. Click OK. Only the rows which contain the MD5 Hash string you specified will be displayed.
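
The same filter can be scripted to list the clients per MD5 directly from the exported CSV. This is an added example, not Broadcom's code: the `Computer Name` column, the sample rows and the wording of the description text are assumptions, so adjust the column names to match the header row of your export.

```python
import csv
import io
import re
from collections import defaultdict

# An MD5 is exactly 32 hex digits; the lookarounds skip longer hex runs.
MD5_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32}(?![0-9A-Fa-f])")

# Constructed sample export. Column names other than Description, and the
# wording of the description text, are assumptions made for this example.
SAMPLE_CSV = """Computer Name,Event Time,Description
WS-001,2024-01-05 10:00:00,"Block app, Target MD5=0123456789ABCDEF0123456789ABCDEF"
WS-002,2024-01-05 10:05:00,"Block app, Target MD5=0123456789abcdef0123456789abcdef"
WS-001,2024-01-05 11:00:00,"Block app, Target MD5=0123456789abcdef0123456789abcdef"
WS-003,2024-01-05 11:30:00,"Block app, Target MD5=ffffffffffffffffffffffffffffffff"
WS-005,2024-01-05 11:45:00,"Other=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
WS-004,2024-01-05 12:00:00,Device blocked with no hash recorded
"""


def clients_by_md5(csv_file, watch_hashes,
                   desc_col="Description", host_col="Computer Name"):
    """Map each watched MD5 to the sorted clients whose events mention it."""
    watch = {h.strip().lower() for h in watch_hashes}
    reader = csv.DictReader(csv_file)
    missing = {desc_col, host_col} - set(reader.fieldnames or [])
    if missing:
        raise KeyError(f"CSV is missing expected column(s): {sorted(missing)}")
    hits = defaultdict(set)
    for row in reader:
        # Hashes may be logged in either case, so compare in lower case.
        for found in MD5_RE.findall(row[desc_col] or ""):
            if found.lower() in watch:
                hits[found.lower()].add(row[host_col])
    return {md5: sorted(hosts) for md5, hosts in hits.items()}


if __name__ == "__main__":
    # For a real export, pass open("export.csv", newline="") instead.
    report = clients_by_md5(io.StringIO(SAMPLE_CSV),
                            ["0123456789abcdef0123456789abcdef"])
    for md5, hosts in report.items():
        print(md5, len(hosts), ", ".join(hosts))
```

Unlike the Excel "Contains" filter, the pattern matches only a standalone 32-digit value, so the constructed WS-005 row with a longer hex string is not counted.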