1 of 1 people found this helpful
Create an Action Protection rule to "REPORT" only (make sure NOT to enable block):
Rule Name: Report Only: *.exe
Processes to include: *
Processes to exclude: mcshield.exe, scan*.exe, Stinger.exe
File or folder name to block: **\*.exe (OR dial-in to the actual folder you would like to REPORT on)
File actions to prevent: Files being executed
Get ready for increase log rollover and performance degradation; that's the reason why there isn't an actual "log" of every entry that McShield scans - to much overhead; yet in a pinch it's a great way to troubleshoot.
I appreciate the suggestion, but that's still only logging process launches. The files that I'm trying to track scans against are not .exe's. The Access Protection rule would need a "Files to Include" option.
Perhaps, replace "exe" with the file extension of your choice and get ready for the flood.
I tried with above rule in VSE AP and ENS TP but unable to get any events in the machine. ?
It is working. Thank you.