Filter Device Control Logs
You can create custom views of all logged events according to the following criteria:
- Name - Show events that involve specific devices
- Identifier - Show events that involve devices with a specific ID code
- State - Filter events by whether the connection attempt was successful or not
Configure event filters
- Open Xcitium Client Security
- Click 'More' > 'View Antivirus Events'
- Click the 'More' button to open the log viewer module
- Right-click inside the log viewer module and select 'Advanced Filter'
OR
- Click 'View' on the menu bar and select 'Advanced Filter'
There are 3 types of filter. Each of these can be further refined by selecting or deselecting specific parameters.
- Select a filter criterion and click 'Add'
- Name: Filter logs based on the label of the device
  - Select 'Contains' or 'Does Not Contain' from the second drop-down:
    - Contains - Show only events which concern the device name you specify.
    - Does Not Contain - Inverts your choice. Show all events except those involving the device name you specify.
  - Enter your filter criteria in the text field
- Identifier: Filter entries based on the device ID of the external device.
  - Select 'Contains' or 'Does Not Contain' from the second drop-down:
    - Contains - Show only events which concern the device ID you specify.
    - Does Not Contain - Inverts your choice. Show all events except those involving the device ID you specify.
  - Enter the device ID in part or full as your filter criteria in the text field
- State: Filter events based on whether the device connection attempt was allowed or blocked.
  - Select 'Equal' or 'Not Equal' from the drop-down.
    - Equal - Show only events that meet the criteria you select.
    - Not Equal - Inverts your choice. For example, select 'Not Equal' + 'Allowed' to view every event except those where devices were allowed.
  - Now select the state: 'Allowed' or 'Blocked'.