|
hilbert -> making EPS log capability better (12.May2008 4:24:48 PM)
|
Verison EPS 20080215 with patched agent.
if you deny "read access" to all internal peripheral (cd-rom,floppy,etc) except Hard Drive, every time a user launches an application (example: MS word)and browses the devices to open a file located in the hard drive(C:\test.doc), EPS logs an "Access Deny"on Cd-rom,floppy, etc., generated for the user using that application. In this way EPS generates hundred of false tentatives daily, although users never tried to access to internal peripherals.
Are you able to make the agent capability "smarter",in order to identify a real and deliberate access to a forbidden device?
Thnx
Hilbert
|
|
|
|