Hello Chris,

thank you for getting in touch on this.

In the log window, under Forensic Details refer to the Vulnerable Operating Systems row - click on the Summary link.

-> I can see what happened on the emulated OS incl. the Emulation Video. but I cannot identify from which client the emulation came from.

If the browser extension is used verify the logging options are set per:

-> I´ve checked the log settings in the registry and all 

Did you check the corresponding gateway setting to receive them?

What Endpoint client version is deployed and how is it managed?

Could you provide more informations on your last post?

The Endpoint solution is either cloud managed or On-Prem.

Version wise is the client E86.80 or higher?

The SK article with the logs_enabled parameter also states:

The option needs to be enabled on the Security Gateway as well, logs_api_enabled needs to be set to TRUE under /opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini

For faster resolution perhaps a remote session with TAC would be helpful. 

Hi Chris,

our entire environment is On-Prem including TE Appliance.

Version is E86.50. We have a few test clients running on E87.20 as well.

Security Gateway = TE Appliance or is that our Endpoint Management Server?

TE appliance in this instance.

(Though obviously also worthwhile reviewing your Endpoint logs for the same time period aswell)

Ok, I checked the TPAPI.ini and the logs_api_enabled was set to TRUE.

OK Good. Please contact TAC to investigate further.

Very conscious of the time spent here versus actually investigating the endpoint itself.

With respect to that element note we do have an Incident Response service you can engage where needed.