Filtering 'Device Control' Logs
Comodo Client Security allows you to create custom views of all logged events according to user defined criteria. You can use the following types of filters:
Clicking on the handle at the bottom enables you to filter the log entries for a selected time period:
- Today - Displays all logged events for today.
- Current Week - Displays all logged events during the current week. (The current week is calculated from the Sunday to Saturday that holds the current date.)
- Current Month - Displays all logged events during the month that holds the current date.
- Entire Period - Displays every event logged since Comodo Client Security was installed. (If you have cleared the log history since installation, this option shows all logs created since that clearance).
- Custom Filter - Enables you to select a custom period by choosing the 'From' and 'To' dates under 'Please Select Period'.
Alternatively, you can right click inside the log viewer module and choose the time period.
You can further refine the displayed events according to specific filters. Following are available filters for 'Device Control Events' logs and their meanings:
- Name: Displays the name of the external device.
- Identifier: Displays the type of device blocked by CCS.
- Class: Displays the class of Device such as USB, Firewire and Bluetooth.
- State: Displays the Enabled/Disabled status of Device control.
To configure Advanced Filters for Device Control Logs
- Click the funnel button from the title bar. The Advanced Filter interface for 'Device Control Events' logs will open.
- Select the filter from the 'Advanced Filter' drop-down and click 'Add' to apply the filter.
You have 3 categories of filters that you can add. Each of these categories can be further refined by either selecting or deselecting specific filter parameters or by the user typing a filter string in the field provided. You can add and configure any number of filters in the 'Advanced Filter' dialog.
Following are the options available in the 'Add' drop down menu:
i. Name: The 'Name' option enables you to filter log entries related to specific name. Selecting the 'Name' option displays a drop-down field and text entry field.
- Select 'Contains' or 'Does Not Contain' option from the drop-down field.
- Enter the text of the name that needs to be filtered.
For example, if you select 'Contains' option from the drop-down field and enter 'Sandisk', then all events containing the entry 'Sandisk' in the 'Name' field will be displayed. If you select 'Does Not Contain' option from the drop-down field and enter 'Sandisk' in the text field, then all names that do not have the entry 'Sandisk' in the 'Name' field will be displayed.
ii. Identifier: The 'Identifier' option allows you to filter log entries based on the type/classification of device. Selecting the 'Identifier' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
- Select 'Contains' or 'Does Not Contain' option from the drop-down field.
- Enter the text of the name that needs to be filtered.
For example, if you select 'Contains' option from the drop-down field and enter 'USBSTORDISK', then all events containing the entry 'USBSTORDISK' in the 'Identifier' field will be displayed. If you select 'Does Not Contain' option from the drop-down field and enter 'USBSTORDISK' in the text field, then all names that do not have the entry 'USBSTORDISK' in the 'Identifier' field will be displayed.
iii. Class: The 'Class' option allows you to filter log entries based on the class of devices. Selecting the 'Class' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
- Select 'Contains' or 'Does Not Contain' option from the drop-down field.
- Enter the text of the name that needs to be filtered.
For example, if you select 'Contains' option from the drop-down field and enter '4D36E967', then all events containing the entry '4D36E967' in the 'Class' field will be displayed. If you select 'Does Not Contain' option from the drop-down field and enter '4D36E967' in the text field, then all names that do not have the entry '4D36E967' in the 'Class' field will be displayed.
iv. State: The 'State' option allows you to filter log entries based on the Enabling/Disabling status of the device. Selecting the 'State' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
- Select 'Contains' or 'Does Not Contain' option from the drop-down field.
- Enter the text of the name that needs to be filtered.
For example, if you select 'Contains' option from the drop-down field and enter 'Disabled', then all events containing the entry 'Disabled' in the 'State' field will be displayed. If you select 'Does Not Contain' option from the drop-down field and enter 'Disabled' in the text field, then all names that do not have the entry 'Disabled' in the 'State' field will be displayed.
Note: More than one filter can be added in the 'Advanced Filter' pane. After adding one filter type, select the next filter type and click 'Add'. You can also remove a filter type by clicking the 'X' button at the top right of the filter pane.
- Click 'Apply' for the filters to be applied to the 'Device Control Events' log viewer. Only those entries selected based on your set filter criteria will be displayed in the log viewer.
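The filter model described above (the Sunday-to-Saturday 'Current Week' window plus 'Contains' / 'Does Not Contain' filters on Name, Identifier, Class and State) can be reproduced over device-control records for review outside the viewer. This is an added example, not Comodo code: the record layout, the sample events, case-insensitive matching and combining multiple filters with AND are all assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample records; the keys mirror the four log fields on this page.
DISK = "{4D36E967-E325-11CE-BFC1-08002BE10318}"
BT = "{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}"
EVENTS = [
    {"time": datetime(2024, 5, 11, 22, 40), "Name": "SanDisk Cruzer",
     "Identifier": "USBSTORDISK&SANDISK", "Class": DISK, "State": "Disabled"},
    {"time": datetime(2024, 5, 12, 8, 5), "Name": "SanDisk Cruzer",
     "Identifier": "USBSTORDISK&SANDISK", "Class": DISK, "State": "Disabled"},
    {"time": datetime(2024, 5, 14, 13, 30), "Name": "Kingston DataTraveler",
     "Identifier": "USBSTORDISK&KINGSTON", "Class": DISK, "State": "Disabled"},
    {"time": datetime(2024, 5, 16, 10, 0), "Name": "Bluetooth Headset",
     "Identifier": "BTHENUM&HEADSET", "Class": BT, "State": "Enabled"},
    {"time": datetime(2024, 5, 18, 23, 59), "Name": "SanDisk Cruzer",
     "Identifier": "USBSTORDISK&SANDISK", "Class": DISK, "State": "Enabled"},
]

def current_week(today):
    """Return the (Sunday, Saturday) pair that holds `today`."""
    # date.weekday() is Monday=0..Sunday=6, so shift to count days since Sunday.
    start = today - timedelta(days=(today.weekday() + 1) % 7)
    return start, start + timedelta(days=6)

def matches(event, field, op, text):
    """Evaluate one advanced filter against one event."""
    if op not in ("Contains", "Does Not Contain"):
        raise ValueError(f"unknown operator: {op}")
    hit = text.lower() in event[field].lower()  # assumption: case-insensitive
    return hit if op == "Contains" else not hit

def apply_filters(events, period, filters):
    """Keep events inside the period that satisfy every filter (assumed AND)."""
    start, end = period
    return [e for e in events
            if start <= e["time"].date() <= end
            and all(matches(e, f, op, text) for f, op, text in filters)]

if __name__ == "__main__":
    week = current_week(date(2024, 5, 15))
    # Disk-class devices seen this week that are not SanDisk drives.
    wanted = [("Class", "Contains", "4D36E967"),
              ("Name", "Does Not Contain", "Sandisk")]
    for e in apply_filters(EVENTS, week, wanted):
        print(e["time"], e["Name"], e["State"])
```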