Endpoint Security client not logging write operations to USB devices

book

Article ID: 242578

calendar_today

Updated On:

Products

Endpoint Security Endpoint Security Complete

Issue/Introduction

An Application and Device Control policy was exported from an on-premises Endpoint Protection Manager. The resulting dat file was then imported into the Integrated Cyber Defense Management console as a Custom Application Behavior policy.

The policy imported contains an application control rule condition that logs all creates, deletes, or writes to USB devices.

When the client receives this policy, the write activity does not look to be logged in the Control log, however when a file is deleted it is logged properly.

Environment

The impacting rule condition in the Custom Application Behavior (CAB) policy is one that is imported from an on-premises SEPM Application Device Control policy.

The default cloud CAB policy does not contain these rule conditions.

Resolution

Our Engineering team is investigating this issue and will update this document when a solution becomes available.

Additional Information

CRE-10355