Symantec Critical System Protection Agent Event Viewer Guide



Similar documents
Symantec Critical System Protection Agent Event Viewer Guide

Symantec Critical System Protection Configuration Monitoring Edition Release Notes

Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0

Symantec Data Center Security: Server Advanced v6.0. Agent Guide

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

Symantec Backup Exec System Recovery Granular Restore Option User's Guide

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference

Symantec Critical System Protection Agent Guide

Symantec Enterprise Security Manager Oracle Database Modules Release Notes. Version: 5.4

Veritas Cluster Server Getting Started Guide

Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide

Symantec Enterprise Security Manager Patch Policy Release Notes

Symantec LiveUpdate Administrator. Getting Started Guide

Symantec Mobile Management for Configuration Manager

Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1

Symantec NetBackup Desktop and Laptop Option README. Release 6.1 MP7

Symantec Security Information Manager - Best Practices for Selective Backup and Restore

Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1

Symantec Client Firewall Policy Migration Guide

Symantec Protection Center Enterprise 3.0. Release Notes

Symantec Response Assessment module Installation Guide. Version 9.0

Symantec Enterprise Vault Technical Note

Symantec Endpoint Protection Shared Insight Cache User Guide

Symantec System Recovery 2013 Management Solution Administrator's Guide

Encryption. Administrator Guide

Symantec Virtual Machine Management 7.1 User Guide

Symantec Security Information Manager 4.8 Release Notes

Symantec NetBackup Backup, Archive, and Restore Getting Started Guide. Release 7.5

Backup Exec Cloud Storage for Nirvanix Installation Guide. Release 2.0

Symantec NetBackup Vault Operator's Guide

Symantec Event Collector 3.6 for Blue Coat Proxy Quick Reference

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note

Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide

Symantec Mobile Management 7.2 MR1Quick-start Guide

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide

PGP CAPS Activation Package

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc

Symantec Protection Engine for Cloud Services 7.0 Release Notes

Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide

Symantec System Recovery 2011 Management Solution Administrator's Guide

Symantec Security Information Manager 4.6 Administrator's Guide

Symantec NetBackup OpenStorage Solutions Guide for Disk

PGP Desktop Version 10.2 for Mac OS X Maintenance Pack Release Notes

Symantec ApplicationHA agent for Internet Information Services Configuration Guide

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Symantec Event Collector 4.3 for SNARE for Windows Quick Reference

Symantec Enterprise Security Manager Modules. Release Notes

Veritas Operations Manager Release Notes. 3.0 Rolling Patch 1

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide

Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide

Symantec Mobile Security Manager Administration Guide

Symantec Management Platform Installation Guide. Version 7.0

Symantec Security Information Manager 4.5 Administrator's Guide

Symantec NetBackup for Lotus Notes Administrator's Guide

Symantec Endpoint Protection Integration Component 7.5 Release Notes

Symantec Event Collector 4.3 for Cisco PIX Quick Reference

Symantec Secure Proxy Administration Guide

Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide

Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes

PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes

Symantec Security Information Manager 4.5 Reporting Guide

Symantec Enterprise Vault

Symantec Encryption Desktop Version 10.3 for Windows Maintenance Pack Release Notes

Configuring Symantec AntiVirus for NetApp Storage system

Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007

Veritas Storage Foundation and High Availability Solutions Getting Started Guide

Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server

Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide

Altiris Asset Management Suite 7.1 from Symantec User Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Storage Foundation Scalable File Server Replication Guide 5.5

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide

Symantec Security Information Manager 4.5 Installation Guide

Symantec NetBackup Clustered Master Server Administrator's Guide

Symantec Enterprise Vault Technical Note. Administering the Monitoring database. Windows

Symantec Endpoint Protection and Symantec Network Access Control Client Guide

Symantec Endpoint Protection Small Business Edition Client Guide

Veritas Dynamic Multi-Pathing for Windows Release Notes

Altiris Monitor Solution for Servers 7.5 from Symantec User Guide

Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Enterprise Vault

Symantec NetBackup AdvancedDisk Storage Solutions Guide. Release 7.5

Symantec Enterprise Vault

Symantec Protection for SharePoint Servers Implementation Guide

Symantec NetBackup for Microsoft SQL Server Administrator's Guide

Symantec AntiVirus Corporate Edition Administrator's Guide

Symantec bv-control for Microsoft Exchange 9.0 Getting Started Guide

Symantec Enterprise Vault

Symantec Endpoint Protection and Symantec Network Access Control Client Guide

Altiris Monitor Solution for Servers 7.1 SP1from Symantec User Guide

Symantec AntiVirus for Network Attached Storage Integration Guide

Symantec Enterprise Vault. Upgrading to Enterprise Vault

Symantec NetBackup for Enterprise Vault Agent Administrator's Guide

Symantec ApplicationHA 6.1 Generic Agent Configuration Guide - AIX on IBM PowerVM

Symantec NetBackup for DB2 Administrator's Guide

Transcription:

Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version 5.2 Legal Notice Copyright 2007 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and LiveUpdate are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 http://www.symantec.com

Technical Support Symantec Technical Support maintains support centers globally. Technical Support s primary role is to respond to specific queries about product feature and function. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec s maintenance offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any size organization A telephone and web-based support that provides rapid response and up-to-the-minute information Upgrade assurance that delivers automatic software upgrade protection Global support that is available 24 hours a day, 7 days a week Advanced features, including Account Management Services For information about Symantec s Maintenance Programs, you can visit our Web site at the following URL: www.symantec.com/techsupp/ Contacting Technical Support Customers with a current maintenance agreement may access Technical Support information at the following URL: www.symantec.com/techsupp/ Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem. When you contact Technical Support, please have the following information available: Product release level Hardware information Available memory, disk space, and NIC information Operating system

Version and patch level Network topology Router, gateway, and IP address information Problem description: Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration Customer service If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/techsupp/ Customer service information is available at the following URL: www.symantec.com/techsupp/ Customer Service is available to assist with the following types of issues: Questions regarding product licensing or serialization Product registration updates such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade assurance and maintenance contracts Information about the Symantec Buying Programs Advice about Symantec's technical support options Nontechnical presales questions Issues that are related to CD-ROMs or manuals

Maintenance agreement resources Additional Enterprise services If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows: Asia-Pacific and Japan: contractsadmin@symantec.com Europe, Middle-East, and Africa: semea@symantec.com North America and Latin America: supportsolutions@symantec.com Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following: Symantec Early Warning Solutions These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur. Managed Security Services Consulting Services Educational Services These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats. Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources. Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs. To access more information about Enterprise services, please visit our Web site at the following URL: www.symantec.com Select your country or language from the site index.

Contents Technical Support Chapter 1 Chapter 2 Agent event viewer overview About the agent event viewer... 9 What you can do with the agent event viewer... 9 Installing the software... 10 Starting the agent event viewer... 10 Using the agent event viewer Displaying events... 11 Searching events... 12 Sorting events... 12 Freezing and resuming scrolling... 13 Copying events to the Windows clipboard... 13

8 Contents

Chapter 1 Agent event viewer overview This chapter includes the following topics: About the agent event viewer What you can do with the agent event viewer Installing the software Starting the agent event viewer About the agent event viewer The Symantec Critical System Protection agent event viewer displays recent events that were reported by your Symantec Critical System Protection agent. Events are informative, notable, and critical activities that concern your computer and Symantec Critical System Protection. Shown as a separate, resizable window, the agent event viewer lets you see what Symantec Critical System Protection is doing on your computer. For example, suppose you suspect that a Symantec Critical System Protection prevention policy blocked an application on your computer from working correctly. Using the agent event viewer, you can analyze the events that were reported by your agent, to determine why the application failed. Your administrator can use the results of your analysis to adjust your policy, so the application works correctly. What you can do with the agent event viewer You can use the agent event viewer to do the following:

10 Agent event viewer overview Installing the software Display events reported by your Symantec Critical System Protection agent Display event details, including event priority, operation, process, process set, and process ID Sort events by column Search events using text strings Freeze and resume scrolling in the agent event viewer window Copy events to the Windows clipboard, for pasting into a word processing or spreadsheet document Installing the software The Symantec Critical System Protection agent event viewer runs on supported Microsoft Windows and Windows NT operating systems. The agent event viewer is automatically installed when you install the Symantec Critical System Protection agent. See the Symantec Critical System Protection Installation Guide for a list of supported operating systems. Starting the agent event viewer You start the Symantec Critical System Protection agent event viewer from the Windows system tray. To start the agent event viewer 1 Log on to your agent computer. 2 Click Start > Programs > Symantec Critical System Protection > Event Viewer.

Chapter 2 Using the agent event viewer This chapter includes the following topics: Displaying events Searching events Sorting events Freezing and resuming scrolling Copying events to the Windows clipboard Displaying events The Symantec Critical System Protection agent event viewer lets you display events by category. The categories are as follows: All events Prevention Display all prevention, detection, and management events. Display prevention events. An agent's prevention policy generates prevention events when applications access computer and network resources that violate the policy's behavior control. Detection Display detection events. An agent's detection policy generates detection events when monitored files or registry keys change, or when system or application logs generate events that match the policy's criteria.

12 Using the agent event viewer Searching events Management Display management events. An agent records management events that are related to the agent's configuration and communication status. Profile Display profile events. An agent's prevention policy generates profile events when a process is profiled. Virtual agents Display virtual agent events. An agent reports events from endpoint systems where Symantec Critical System Protection is not directly installed or managed. To display events Searching events Sorting events 1 In the agent event viewer, click an event category. 2 To display event details, click View > Details. Event details are shown in the bottom portion of the agent event viewer window. You can search events using text strings. To search events 1 In the agent event viewer, click Edit > Find. 2 In the Find dialog, in the Find what box, type a text string. 3 In the Find dialog, select the search direction. 4 (Optional) In the Find dialog, select the Match case box to match uppercase and lowercase letters. 5 In the Find dialog, click Find Next. You can sort events by column. To sort events In the agent event viewer, click a column heading.

Using the agent event viewer Freezing and resuming scrolling 13 Freezing and resuming scrolling The Freeze command lets you temporarily halt scrolling in the agent event viewer window, so that you can study the events. To freeze and resume scrolling 1 In the event viewer, click View > Freeze. 2 When you are ready to resume scrolling, click View > Resume. Copying events to the Windows clipboard You can copy selected events to the Windows clipboard, and then paste the contents of the clipboard into a word processing or spreadsheet document. The Copy as CSV command copies selected events in an unformatted style. The data items in each event are separated by commas. The Copy command copies selected events in a formatted style. To copy events to the Windows clipboard 1 In the agent event viewer, select one or more events. Press and hold the Ctrl key to select multiple events. 2 Click Edit > Copy or Edit > Copy as CSV.

14 Using the agent event viewer Copying events to the Windows clipboard

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information