Policy Logging

Expand Logging to configure the following policy settings for matched users and endpoints:

Policy settings and their details:

Log the following

Endpoint Application Control collects logs from endpoints at a regular interval.

Select one of the following logging limitations:

  • Select None to log no actions.

  • Select Block to log any blocked application start or access that does not originate from an excluded directory.

    This is the default setting for a new policy.

  • Select Selected to log any selected application start or access that does not originate from an excluded directory. Use the list that appears to select the rules to match.

  • Select Any to log any application start or access that does not originate from an excluded directory.

    Note: Selecting this option may generate large log files and substantially increase network data transfers.

See About Logs and Log Types.

Exclude the following directories from logs

To exclude specific paths from logging, do the following:

  1. Under Log the following, select one of the following logging limitations:

    • Block

    • Selected

    • Any

  2. Select Exclude the following directories from logs and then type the application paths to exclude. Separate each path with a carriage return.

    The default paths are %SYSTEMROOT% and %WINDIR%.

Collect aggregated logs every

Endpoint Application Control collects logs from endpoints at a regular interval.

Select the interval for collecting the logs aggregated by endpoints.

The default setting is 2 hours. The suggested setting depends on the number of deployed agents.

See Server Requirements.