Is it possible to detect in scsp who is accessing my shared folders or whom did changes ?I
I have applied prevention policy "allow but log modifications to these files" check attached screen shot
for testing i have accessed shared folder and created one text file form other computers, scsp agent genreat log but not showing who is created this file , what is system ip address or what is user name who is created this file.
what i need to do changes in policy, so i can detect who created file, ip and user name in local network?
below log has been genreated
SOURCE
Agent Name avadmin
Host Name avadmin
Host IP Address 192.168.42.250
Agent Version 5.2.9.670
OS Type Windows
OS Version Server 2008 R2
Agent Type CSP Native Agent
EVENT
Event Type File Access
Event Category Real Time - Prevention
Operation IoCreateFile
Event Severity Notice
Event Priority 25
Event Date 10-Jul-2013 01:13:56 PDT
Post Date 10-Jul-2013 01:14:49 PDT
Post Delay 00:00:53
Event Duration 00:00:00
Event Count 1
Event ID 194951
DETAILS
Description File Write Allowed for LanManager on C:\Symantec RU3\New Text Document.txt
Policy Name sym_win_protection_strict_sbp for AVADMIN
Process LanManager
File Name C:\Symantec RU3\New Text Document.txt
Disposition Allow
Process Set remote_file_ps
Operation IoCreateFile
OS Result 00000000 (SUCCESS)
SCSP Result 00000000 (SUCCESS)
Permissions Requested 00110080 (delete, synch, read_attr)
Process ID 4
Thread ID 3216