Hi,
Have a client who is complaining that "it hasn't operated right since it was put on."
Now this person tends to visit questionable sites, but our policies are set to block etc... and now allow them to override those settings.
As a test, we created a policy with no Web or Identity shield enabled at all, but he still complains.
Is there a way to download the log files from the console to my notebook so I can see what sites etc... have been accessed or blocked??? There's nothing showing in terms of malware found by looking through the scan history. So my guess he's getting sooky cause he can't visit certain adult materials.
Thanks
John Hart
Nerds On Site
johnh@nerdsonsite.com
How do I download logs from an endpoint to see what has been blocked etc...
+56Yep - just go the machine he's on and look in the WRLog.log file in c:programdataWRData and it will list any blocked websites that he's tried to visit. The console will only show threats detected in those logs, so for the website stuff you need to look on the local machine.
Will there eventually be a way to download those logs from the endpoint to the admin through the console? That'd be a nice feature. Say "Run scan and download log" as an agent command.
Considering I'm about a 4 hour drive away from this client, getting there to be at his machien to look at the log isn't always something I can do.
Considering I'm about a 4 hour drive away from this client, getting there to be at his machien to look at the log isn't always something I can do.
+56Unfortunately not - would you be able to remote into the machine to check them? Or you could have them email the log file to you?
+56Sounds good. Let us know what you find out. If the site that is blocked is legit and is a false positive, then we can get that site corrected and whitelisted.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.