Greetings. We are running Lumension Endpoint Security v4.6 on a domain in a closed, air-gapped environment. The issue is that for some systems, we do not see Windows System Event logs on the local client machines for some events, but do see other types of events. Specifically, when a user is not granted access to be able to burn to a CD, we expect to see an entry in the Windows Event Log as source of scomc, Event ID 19, with a description of "Device control denied write access for device..." This DOES happen on some systems, but not all. However, on the same PC that doesn't log "denies," scomc does correctly log an event to the Windows System Event logs with an Event ID 25 when a used does have permissions to write to CD media. Lumension is correctly logging all activity to the Lumensions log on the Application Server.
So that's it. Is there are granular control over what appears in the Windows System Event Log? I've found only the one setting to enable/disable logging from the Lumension Management Console. Thank you for your time and attention.