Generating a Kaspersky Security Center blocked devices report

You can import data on blocked connection attempts from devices from a report generated in Kaspersky Security Center as a result of running the Device Control task, and use this data to create a list of device control allow rules in a custom policy.

To generate a Kaspersky Security Center blocked devices report:

1. Open the task log settings in the policy that manages the protected device.
   1. In the main window of the Kaspersky Security Center Web Console, select Devices → Policies & profiles.
   2. Click the policy name you want to configure.
   3. In the <Policy name> window that opens, select the Application settings tab.
   4. Select the Logs and notifications section.
   5. Under Task logs, click Settings.

      A Task logs window opens on the Log storage tab.

2. Make sure that the Device Control log retention period exceeds the planned period of collecting data on blocked devices. The default is 30 days.

   Once the task log retention period expires, logged events will be deleted and will not appear in the report.

3. Activate the policy configured to collect blocked devices data.
4. If required, modify the Device Control mode.
5. After the period allocated for collecting data on blocked devices expires, create a selection of untrusted device detected and restricted and Statistics only: untrusted device detected events generated by the Device Control task.
6. Start event selection.
7. Export selection results to a TXT file.

   For details on creating, starting, and exporting a selection of events, refer to the Kaspersky Security Center Web Console Help.

8. If required, adjust the list of events in the resulting report file.

Page top