Auditing, Shadowing & Alerts View (protocols)
There is a list of protocols for which you can define user-level audit, shadowing and alerts rules.
Also, there is an extended audit's feature called data shadowing - the ability to mirror all data transmitted over the network. A full copy of the data is logged. The shadow log is stored locally in the special directory and then can be transferred to DeviceLock Enterprise Server to store it in the SQL database.
NOTE: You can define different online vs. offline rules for the same user or sets of users. Online rules (Regular Profile) apply to client computers that are working online. Offline rules (Offline Profile) apply to client computers that are working offline. By default, DeviceLock works in offline mode when the network cable is not connected to the client computer. For more information on DeviceLock offline policies, see "DeviceLock Security Policies (Offline Profile)."
To define audit, shadowing and alerts rules for a protocol, right-click the protocol, and then click Set Auditing, Shadowing & Alerts or Set Offline Auditing, Shadowing & Alerts. Alternatively, you can select the protocol for which you want to define rules, and then click Set Auditing, Shadowing & Alerts or Set Offline Auditing, Shadowing & Alerts on the toolbar.
In DeviceLock Group Policy Manager and DeviceLock Service Settings Editor, if you want to reset audit, shadowing and alerts rules to the unconfigured state, select Undefine from the context menu.
If you want to return previously defined offline rules to the unconfigured state, select Undefine Offline from the context menu. If offline rules are undefined, regular rules are applied to offline client computers.
In DeviceLock Group Policy Manager and DeviceLock Service Settings Editor, if you want to block the inheritance of offline audit, shadowing and alerts rules and enforce regular rules, select Remove Offline from the context menu.