AnsweredAssumed Answered

MEPP Logs

Question asked by Saad Nizam Employee on Aug 27, 2017
Latest reply on Aug 28, 2017 by Sagar Manandhar

Hi Experts,

 

Wanted to check if this is still valid in the latest version of our Endpoint Client (E80.70) ?

Is this true ?

 

Scenario.

Joe  inserts an encrypted USB stick, then copies FINANCE.XLS to it. Then removes the stick, takes it home, opens the USB stick using the password to unlock the stick, and copies FINANCE.XLS on to his home computer.

 

Solution:

Assuming that the policy implies creating the log entries for the security events, the log entry will be created when Joe copies some file to the encrypted part of the stick on an ME-protected machine. Then every time Joe reconnects the stick to an ME-protected machine and opens the encrypted part (either automatically or by entering the password) the log entries are added regarding file operations done through the offline access tool on a machine without ME installed (if any).

So, for example, we'll see the following entries in the log:
...
Copy D:\Restricted\FINANCE.XLS to F:\FINANCE.XLS
...
Offline copy E:\FINANCE.XLS to C:\Users\Joe\AppData\Local\Temp\EPM45.tmp\FINANCE.XLS
...

Outcomes