Log file protection

You can set sizes for management server logs, client logs, and Enforcer logs. Click OK.

About configuring event aggregation

You configure event aggregation for client logs in two locations on the console.

Location Description

Use this location to configure the aggregation for risk events.

You can configure settings for the following client logs: Control, Packet, Risk, Security, System, Traffic.

For the Security, Risk, and Traffic logs, you can also configure the damper period and the damper idle period to be used for event aggregation.

If you choose not to upload the client logs, it has the following consequences:

- You cannot view the client log data from the console by using the Logs tab on the Monitoring pane.
- You cannot back up the client logs when you back up the database.
- You cannot export the client log data to a file or a centralized log server.

To configure client log settings

- On the console, click Clients.
- In the Client Log Settings for group name dialog box, set the maximum file size and the number of days to keep log entries.
- Check Upload to management server for any logs that you want the clients to forward to the server.
- For the Security log and Traffic log, set the damper period and the damper idle period. These settings determine how frequently Network Threat Protection events are aggregated.
- Set the maximum number of entries that you want a client to upload to the manager at a time.

About configuring client log handling options for antivirus and antispyware policies

You can configure the following log handling options for antivirus and antispyware policies:

- Which antivirus and antispyware events are forwarded from clients to the Antivirus and Antispyware Protection logs on the server
- How long the events in the Antivirus and Antispyware Protection logs are retained on the server
- How frequently aggregated events are uploaded from clients to the server

Backing up the logs for a site

Log data is not backed up unless you configure Symantec Endpoint Protection to back it up.

To back up the logs for a site

- On the console, click Admin.
- Select a database server.
- Under Tasks, click Edit Backup Settings.
- In the Backup Settings group box, check Back up logs.

About uploading large amounts of client log data

If you have a large number of clients, you may have a large volume of client log data. You should consider whether or not you want to reduce the volume of data by using the following configurations:

- Upload only some of the client logs to the server.
- Filter the less important risk events and system events out so that less data is forwarded to the server.

If you still plan to upload very large amounts of client log data to a server, you need to consider the following factors:

- The number of clients in your network
- The heartbeat frequency, which controls how often the client logs are uploaded to the server
- The amount of space in the directory where the log data is stored before being inserted into the database

A configuration that uploads a large volume of client log data to the server at frequent intervals can cause space problems.

About managing log events in the database

The database receives and stores a constant flow of entries into its log files.

Configuring database maintenance options for logs

Administrators can configure database maintenance options for the data that are stored in the logs.

To configure database maintenance options for logs

- On the console, click Admin.
- Click the site's database, and under Tasks, click Edit Database Properties.
- To retain the subset of risk infection events after the threshold that you set for risk events, check the Do not delete infection events check box.
- Set how frequently you want to compress identical risk found events into a single event.
- Set the number of days to keep the events that have been compressed. This value includes the time before the events were compressed. For example, suppose that you specify to delete compressed events after ten days and specify to compress events after seven days. In this case, the events are deleted three days after they are compressed.
- Set the number of days to keep acknowledged and unacknowledged notifications.
- Set the number of days to keep scan events.
- Set the number of days to keep commands that you have run from the console and their associated command status information. After this time, Symantec Endpoint Protection can no longer distribute the commands to their intended recipients.
- Check the check boxes if you want to delete unused virus definitions and the virus events that contain EICAR as the name of the virus.

Applies to: Azure Information Protection, Office

Relevant for: AIP unified labeling client and classic client.

To provide a unified and streamlined customer experience, the Azure Information Protection classic client and Label Management in the Azure Portal are deprecated as of March 31, No further support is provided for the classic client and maintenance versions will no longer be released.

The classic client will be officially retired, and will stop functioning, on March 31, All current Azure Information Protection classic client customers must migrate to the Microsoft Information Protection unified labeling platform and upgrade to the unified labeling client. Learn more in our migration blog. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

File removed audit logs are supported only in Azure Information Protection scanner version 2. AIP audit logs are also sent to the Microsoft Activity Explorer, where they may be displayed with different names.

Windows 10 Pro, drive is encrypted with BitLocker, might that affect it somehow?

Look there.

Offline scan results are NOT logged at this location though. For me the Defender Event Log is completely empty. Anything I need to enable?

According to Microsoft, any threats detected by the offline scanner will show up in the Threat History, where the online scanner also records any viruses found:

Where can I find scan results? In previous versions of Windows: Select Threat history.

Christian


