cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 7

User Defined Access Protection Logs


I recently called into McAfee support and had them help me set up some user defined access protection rules.  The tech pointed me to the log but after further review its only the log for the local server.  We put these rules into report mode and I do not know where to find the logs so I could see what would be blocked if they were in block mode.  Where would I be able to find the logs to see what would be blocked if these rules we created were turned on?

6 Replies

Re: User Defined Access Protection Logs

Moved this provisionally to ePO for better support.

Moderator

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 7

Re: User Defined Access Protection Logs

Hi there,

You can type and run %DEFLOGDIR% and look for AccessProtectionLog.txt

Best regards,

Jose Maria

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 7

Re: User Defined Access Protection Logs

I know where to get the local results from the server.  I can see what would be blocked on the server locally.  What I am looking for is where I see the logs for the clients.  Where are the logs for the clients collected and placed on the server.  I need to know what is being blocked on the clients for the user defined rules.  I don't want to go to 3000 clients and see what is being blocked on each one.  I want to go to the server and see what is being blocked on the clients.  Where are the logs for the clients access protection rules on the server?

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 7

Re: User Defined Access Protection Logs

Well, you will no be able to get the log in the server. You can from ePO create an automated response to receive emails when an AP event is triggered (what I do not recommend you as you will be flooded with emails). You could check McAfee SIEM which may give you the functionality that you are looking for.

Best regards,

Jose Maria

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 7

Re: User Defined Access Protection Logs

Honestly, I would love the e-mail Idea!  I can get a few and set up a rule to send them to a folder for review later.  How do I do that?

Former Member
Not applicable
Report Inappropriate Content
Message 7 of 7

Re: User Defined Access Protection Logs

Hello,

This is an example how to create one for the event 1203 (On demmand scan complete)

https://kc.mcafee.com/corporate/index?page=content&id=KB69428

You should do the same but for the event 1095.

Please, make sure that you have this event enables. To do that please login in your ePO and then go to Menu - Configuration Server configuration and then select the option event filter. Please make sure that you have the event 1095 tick.

Best regards,

Jose Maria

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community