Collecting GFI EndPointSecurity events

GFI EndPointSecurity enables you to maintain data integrity by preventing unauthorized access and the transfer of content to and from the following devices or connection ports:

Device: Example

  • USB ports: Flash/Memory card readers and pen drives.
  • Firewire ports: Digital cameras and Fire-wire card readers.
  • Wireless devices: Bluetooth and Infrared dongles.
  • Floppy disk drives: Internal and external (USB) floppy drives.
  • Optical drives: CD, DVD and Blu-ray discs.
  • Magneto Optical drives: Internal and external (USB) drives.
  • Removable storage: USB hard-disk drives.
  • Other drives such as Zip drives and tape drives: Internal or External (USB/Serial/Parallel) drives.

Note

For more information about GFI EndPointSecurity, refer to https://www.gfi.com/endpointsecurity.

Enable GFI EndPointSecurity logging

By default, GFI EndPointSecurity generates logs with information about:

  • The GFI EndPointSecurity service
  • Devices connected and disconnected on your network
  • Access allowed or denied by GFI EndPointSecurity to users.

To configure logging options in GFI EndPointSecurity:

1. From the machine running GFI EndPointSecurity, launch the GFI EndPointSecurity Management Console.

2. Click Configuration tab > Protection Policies.

3. From the left pane, select the protection policy and click Set Logging Options.

4. Customize the settings available in the Logging Option dialog.

Note

For more information on how to configure GFI EndPointSecurity logging options, refer to the GFI EndPointSecurity documentation available from https://www.gfi.com/products/gfi-endpointsecurity/manual.

Monitor GFI EndPointSecurity Events

GFI EventsManager has built-in processing rules for GFI EndPointSecurity events that are enabled by default. To monitor events generated by GFI EndPointSecurity, select Status tab > General and locate the Critical and High Importance Events section.

To configure GFI EndPointSecurity event processing rules, click Configuration tab > Event Processing Rules. For more information refer to Events Processing Rules.