Interpreting Results

You can interpret Log Explorer results in several ways.

The primary reasons for not allowing file execution, resulting in the Denied value in the Custom Message field, are as follows.

  • The file is unknown or is not centrally authorized. This means that either:
    • The program is not authorized and should remain so. This happens when the user tries to run an unauthorized application.
    • The software has not been yet authorized and should be evaluated for addition to the central file authorization list.
  • The user does not have access to the file group that the file is assigned to. For example, the file may have been scanned and is on the central authorization list but belongs to a file group which is not accessible to the user. This means that either:

    • A user is trying to run a program to which the user has no rights.
    • The user, or one of the user groups to which the user belongs, should be granted access to the appropriate file group.

When a user has permission to locally authorize files and uses a particular file frequently, the file may be worth scanning and including it in a special file group to avoid having several users locally authorize the same application.

When you are using the Log Explorer module to monitor administrator actions the Target field may show a different set of information than you normally received for a file group when:

  • A user access role has been modified.
  • Options are changed.
  • The names of the authorized files are changed.