This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

USB Device logs

Hi all.

I got a question regarding the logs for USB-devices.

Is there any logs created on the endpoint or maybe on the SEC-server when a user connects a usb-device and sophos scans the device?

I have enabled Device Control Scanning, but i guess it will only show up in the "Device Control - Event Viewer" if blocked or if there is a virus detected?

Some Antivirus-products adds a log-file when a device is scanned even if its not blocked or any virus detected, is there any log-function like this in Sophos Endpoint or in the SEC 5.5.1

Best Regards

Tobbe_H

This thread was automatically locked due to age.

0 QC over 5 years ago
Hello Tobbe_H,

first of all, to dispel potential misconceptions:

Device Control strictly controls usage of or access to certain devices based on their type and optional ID. No other factors are taken into account except for Block bridged. Particularly AV detections have no bearing on Device Control (i.e. a storage device is not blocked in reaction to a detection) and detections aren't logged as Device Control Events

when a user connects a usb-device and sophos scans the device
while often sought for a device is not scanned following its insertion (with the exception of boot sectors if present)

If I understand correctly you are looking for a confirmation that a device has been scanned and is clean. As noted above there's no such feature and consequently no log. Perhaps the term Device Control Scanning is misleading.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Tobbe_h over 5 years ago in reply to QC

Hi Christian.

Ah i see, Yes i guess that the name mislead me abit. :)

Thank you.
Cancel
Vote Up 0 Vote Down

Cancel