Block external USB HDD on WIN10 clients with DLP10
I'm unable to block external USB HDD's on Windows 10 using DLP 10. After trying a few different approches with both Removable Storage Device rules and Plug and Play device rules, I found that for some reason Windows 10 is assigning a device GUID to these devices that matches the device GUID of the internal HDD. I found that this GUID is whitelisted by default in the SCSI and RAID Controller device class which may be why none of by blocks are working. I've so far not been able to find a way to block these devices on Windows 10. Is there a built-in device template I can use that will or possibly a known-working rule configuration?
but the current situation is no longer applicable due to McAfee whitelisting the GUID of the internal HD and SCSI and RAID controllers.
I open a ticket with McAfee support, which so far has not being of help. I've also tested several approaches same as you and I've found out that not the Removable Storage Device nor the Plug and Play rules work to detect these kind of devices (UAS), probably because of the built-in whitelisting of the same GUID.
So finally the best approach I've found is to define a Fixed Hard Disk rule to block the ones with a file system different than NTFS. Which of course it's not perfect, because if you format on ntfs one of those disks you will still have access to it, but since by default they come in exFAT it should catch most of them. But I do also appreciate some guidelines, tips, known-working rule to help with this, since it won't probably will pass a serious audit.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.