Events occurring in the system are recorded in the corresponding logs. Event details are stored as records containing detailed information for event analysis.

As a rule, hackers try to modify or delete Windows log entries in order to hide their actions in the operating system. Keeper ZT stores logs on its server. Thus, you can view the history of running processes in the Keeper ZT Control Panel. The logs are protected by supplementary encryption.

Keeper ZT's own logs display all actions carried out under the management and control of Keeper ZT. Keeper ZT logs can always be used to track which executable code was launched, which file was launched and where it is located in the system, as well as who and when launched it and who gave permission to launch it. You can track what other endpoints have this file and where it is located in the system. In the event of an incident, it will be enough for the information security staff to track the entire history of actions and eliminate, if necessary, non-legitimate files, processes from the system, as well as identify their origin.