I'm working on creating some Application and Device Control policies that can monitor the USB drives that are plugged into machines. I'm hoping that I may be able to record the Device IDs of the USB Drives so that if necessary I can add blocks to the Application and Device Control Policy. However I'm currently having an issue with testing in terms of locating where this information is saved. So for instance at the moment I have a policy in place to block a specific USB Device and it appears to be working. I can check the SEP Client Logs and under Security Log - Client Management Logs I actually see the event of the USB Device being blocked. What I'm interested in now is locating these entries in the SEPM. I think I've checked all of the Monitors -> Logs with no luck. Is anyone familiar with where this is located? Also is it possible to record the Device IDs for all plugged in devices? It would be nice for management of restricting infected devices.
Thanks,
Mike