Expand Logging to configure the following policy settings for matched users and endpoints:
Policy Setting
Details
Log the following actions
Select one of the following logging limitations:
  • Select None to log no actions.
  • Select Block to log any blocked application start or access that does not originate from an excluded directory.
    This is the default setting for a new policy.
  • Select Selected to log any selected application start or access that does not originate from an excluded directory. Use the list that appears to select the rules to match.
  • Select Any to log any application start or access that does not originate from an excluded directory.
    Note: Selecting this option may generate large log files and substantially increase network data transfers.
Exclude the following directories from logs
Select Exclude the following directories from logs and then type the application paths to exclude. Separate each path with a carriage return.
The default paths are %SYSTEMROOT% and %WINDIR%.
Collect aggregated logs every
Select the interval for collecting the logs aggregated by endpoints.
The default setting is 2 hours. The suggested setting depends on the number of deployed agents.