Hello,
I have an assistant who can disable and enable the VSE on clients, so I want to know which logs (not the reports on the dashboard) show me which system he disabled Access Protection or on-access protection on, even for 1 min?
Thank you
Hi MMJ,
There are no logs that show who disabled OAS/Access Protection on a workstation or server. However, these settings are only accessible via the local console for VSE; on this basis you can say that the "logged in user" made the changes (if they are not done by ePO). If the user allows someone else to change these settings then maybe a discussion needs to be had around company policy etc.
However, also in the local console or via ePO you can set a password to "lockout" the local console and prevent users from making these changes. I suggest this would be the best course of action at this point.
Also, if the logged in user has a "restricted" or "user" account, they cannot make these changes by default as the console is locked out. Where the user has a local administrator account then you should set a password via policy to prevent an "admin" user from making changes.
In ePO, navigate to:
VirusScan Enterprise 8.8.0 > General Options Policies > My Default (or assigned policy)
@MMJ The log files will not show you if Access Protection has been disabled or not. If it's disabled, you just won't see any new entries in the logs.
All VSE product logs can be found under %programdata%\Mcafee\DesktopProtection\Logs
So far there are no logs that facilitate your requirements. However, you may create a query to check the list of machines along with the users where Access Protection is in a disabled state and could bring this report to your ePO dashboard.
In addition, you may lock the console from ePO with a password that would not allow the user to make any changes.
Go to ePO policies for VSE > VirusScan Enterprise 8.8.0 > General Options Policies > My Default (customized policy for General Options)