Kaspersky Endpoint Security for Windows 11.2.0

Adding or excluding records to or from the event log

Event logging is available only for operations with files on removable drives.

To enable or disable event logging:

  1. In the main application window, click the Settings button.
  2. In the left part of the window, in the Security Controls section, select Device Control.

    In the right part of the window, the settings of the Device Control component are displayed.

  3. In the right part of the window, select the Types of devices tab.

    The Types of devices tab contains access rules for all devices that are included in the classification of the Device Control component.

  4. Select Removable drives in the table of devices.

    The Logging button becomes available in the upper part of the table.

  5. Click the Logging button.

    This opens the Logging Settings window.

  6. Do one of the following:
    • If you want to enable logging of file deletion and write operations on removable drives, select the Enable logging check box.

      Kaspersky Endpoint Security will save an event to the log file and send a message to the Kaspersky Security Center Administration Server whenever the user performs write or delete operations with files on removable drives.

    • Otherwise, clear the Enable logging check box.
  7. Specify which operations must be logged. To do so, perform one of the following:
    • If you want Kaspersky Endpoint Security to log all events, select the Save information about all files check box.
    • If you want Kaspersky Endpoint Security to log only information about files of a specific format, in the Filter on file formats section, select the check boxes opposite the relevant file formats.
  8. Click the Select button.

    The Select users and/or groups window opens.

    When the users specified in the Users section write to files located on removable drives or delete files from removable drives, Kaspersky Endpoint Security will save information about such operations to the event log and send a message to the Kaspersky Security Center Administration Server.

  9. Do the following:
    • To add users or user groups to the table in the Select users and/or groups window:
      1. In the Select users and/or groups window click the Add button.

        The standard Select users or groups window in Microsoft Windows opens.

      2. In the Select users or groups window in Microsoft Windows, specify the users and/or groups of users whose write and delete operations with files on removable drives Kaspersky Endpoint Security must log.
      3. In the Select users or groups window click the OK button.

        The names of users and/or groups of users that are specified in the Select users or groups window of Microsoft Windows are displayed in the Select users and/or groups window.

    • To delete users or user groups from the table in the Select users and/or groups window, select one or more rows in the table and click Delete.

      To select multiple rows, select them while holding down the CTRL key.

  10. In the Select users and/or groups window click the OK button.
  11. In the Logging Settings window, click OK.
  12. To save changes, click the Save button.

You can view events associated with files on removable drives in the Kaspersky Security Center Administration Console in the workspace of the Administration Server node on the Events tab. For events to be displayed in the local Kaspersky Endpoint Security event log, you must select the File operation performed check box in the notification settings for the Device Control component.