Behavior Monitoring Logs
Clients log unauthorized program access instances and send the logs to the server. A client that runs continuously aggregates the logs and sends them every 60 minutes, by default.
To keep logs from occupying too much space on the hard disk, manually delete logs or configure a log deletion schedule. For more information about managing logs, see Managing Logs.
To view behavior monitoring logs:
Logs > Networked Computer Logs > Security Risks > View Logs > Behavior Monitoring Logs
Networked Computers > Client Management > Logs > Behavior Monitoring Logs
Specify log criteria and click Display Logs.
View logs. Logs contain the following information:
Date/Time unauthorized process was detected
Computer where unauthorized process was detected
Event monitoring rule violated by the process
OfficeScan action performed when violation was detected
Type of object accessed by the program
Risk level of the unauthorized program
Program: the unauthorized program
Operation: the action performed by the unauthorized program
Target: the process that was accessed
Policy name of the event monitoring rule
To configure the Behavior Monitoring log sending schedule:
Access <Server installation folder>\PCCSRV.
Open the ofcscan.ini file using a text editor such as Notepad.
Search for the string "SendBMLogPeriod" and then check the value next to it. The default value is 3600 seconds and the string appears as SendBMLogPeriod=3600.
Specify the value in seconds. For example, to change the log period to 2 hours, change the value to 7200.
Save the file.
Go to Networked Computers > Global Client Settings.
Click Save without changing any setting.
Restart the client.
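The file-edit steps of this procedure (finding SendBMLogPeriod in ofcscan.ini and changing its value) as a PowerShell function; this is an added example, not part of the product or its documentation. It takes a timestamped backup, refuses to write unless exactly one SendBMLogPeriod entry exists, and keeps the file's encoding. The function name Set-BMLogSendPeriod and its parameters are assumptions.

```powershell
# Added example; the function name and parameters are hypothetical.
function Set-BMLogSendPeriod {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Full path to ofcscan.ini under <Server installation folder>\PCCSRV
        [Parameter(Mandatory)] [string] $IniPath,
        # New sending period in seconds (default on the server is 3600)
        [Parameter(Mandatory)] [ValidateRange(1, 2147483647)] [int] $Seconds
    )

    # Resolve to an absolute path; this also fails early if the file is missing.
    $IniPath = (Resolve-Path -LiteralPath $IniPath).ProviderPath

    # Read with BOM detection; fall back to ISO-8859-1 so every byte of a
    # non-Unicode file survives the round trip unchanged.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)
    $reader = New-Object System.IO.StreamReader($IniPath, $latin1, $true)
    try { $text = $reader.ReadToEnd(); $enc = $reader.CurrentEncoding }
    finally { $reader.Dispose() }

    # Match the exact key at the start of a line, followed by a numeric value.
    $pattern = '(?m)^(?<key>[ \t]*SendBMLogPeriod[ \t]*=[ \t]*)(?<val>[0-9]+)[ \t]*(?=\r?$)'
    $found = [regex]::Matches($text, $pattern)
    if ($found.Count -ne 1) {
        throw "Expected exactly one SendBMLogPeriod entry, found $($found.Count); edit by hand."
    }
    $old = [long]$found[0].Groups['val'].Value
    if ($old -eq $Seconds) { return "SendBMLogPeriod is already $Seconds; nothing changed." }

    if ($PSCmdlet.ShouldProcess($IniPath, "SendBMLogPeriod $old -> $Seconds")) {
        # Keep a timestamped copy so the original file can be restored.
        $backup = "$IniPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
        Copy-Item -LiteralPath $IniPath -Destination $backup
        $new = [regex]::Replace($text, $pattern, { param($m) $m.Groups['key'].Value + $Seconds })
        [System.IO.File]::WriteAllText($IniPath, $new, $enc)
        "SendBMLogPeriod changed from $old to $Seconds seconds; backup at $backup"
    }
}

# Constructed usage: the two-hour period from the procedure, as a dry run.
# Set-BMLogSendPeriod -IniPath '<Server installation folder>\PCCSRV\ofcscan.ini' -Seconds 7200 -WhatIf
```

The function covers only the file edit; saving Global Client Settings and restarting the client are still required afterwards.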