How do I download logs from an endpoint to see what has been blocked etc...

  • 30 June 2015

Userlevel 6
Badge +28
Hi,
 
Have a client who is complaining that "it hasn't operated right since it was put on."
 
Now this person tends to visit questionable sites, but our policies are set to block etc... and now allow them to override those settings.

As a test, we created a policy with no Web or Identity shield enabled at all, but he still complains.
 
Is there a way to download the log files from the console to my notebook so I can see what sites etc... have been accessed or blocked??? There's nothing showing in terms of malware found by looking through the scan history. So my guess he's getting sooky cause he can't visit certain adult materials.
 
Thanks
 
John Hart
Nerds On Site
johnh@nerdsonsite.com

5 replies

Userlevel 7
Badge +56
Sounds good.  Let us know what you find out.  If the site that is blocked is legit and is a false positive, then we can get that site corrected and whitelisted.
Userlevel 6
Badge +28
Yeah, I'll have to do that. The person isn't exactly tech savvy.
Userlevel 7
Badge +56
Unfortunately not - would you be able to remote into the machine to check them?  Or you could have them email the log file to you?
Userlevel 6
Badge +28
Will there eventually be a way to download those logs from the endpoint to the admin through the console? That'd be a nice feature. Say "Run scan and download log" as an agent command.
 
Considering I'm about a 4 hour drive away from this client, getting there to be at his machine to look at the log isn't always something I can do.
Userlevel 7
Badge +56
Yep - just go to the machine he's on and look in the WRLog.log file in c:\programdata\WRData and it will list any blocked websites that he's tried to visit.  The console will only show threats detected in those logs, so for the website stuff you need to look on the local machine.
