danrobsams
Posted

So maybe I’m just not using the event log correctly, but from what I can tell, it’s terrible. I have KES Cloud running for my enterprise network, using 90/100 licenses with 40 of those on call center computers that have browsing strictly controlled using a KES profile. What this means is that I have thousands of “Critical - Access Denied” events for things like the call center users opening Firefox and the home page being blocked, and from what I can tell, I can’t change this from not being logged, or reduce the severity to something like “Info”.

This causes issues when I get an actual hit, like a virus detection and deletion, where I have to comb through the thousands of critical alerts to find what I actually need. I had 2 viruses detected two days ago but I can’t find them because there’s no way to search or filter by specific users or devices in the event log, and none of the available reports show these detections, so now if I need to look back at what was found/deleted, I either comb through 88,000 event logs where 86998 are website block notifications, or I’m out of luck. The detection notification is great and lets me look at the notification in my email, but if I get an email that “3 critical events have occurred”, again I’m out of luck and back to combing through pages and pages. There has to be a better way. I love the software and it’s been mostly good to use, but this is insane for an enterprise product.

Surely I’m missing a setting here to have this work better. If so, let me know.
