Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 3

Creating a rule to allow CD\DVD\ROM access.

I am trying to tweak an existing rule to allow a certain group access to their cd\rom when they logon and deny all others.

I am using DLP

The events come in with the information showing the drive has been blocked, even for those I want to be able to access.

I have tried entering the information from this event to allow access, without success.

ie :

Event Generated Time (Endpoint):   3/30/2011 2:35:08 PM

Event Generated Time (UTC):   3/30/2011 7:35:08 PM

User Name:  

Computer Name:   KFNBMOBILE18

Associated Rules:   Executive Block Removeable Mass Storage except CD

Agent Action(s):   Block, Monitor, Notify User

Agent Version:

Policy Name:   DLP Security Policy

Policy Time (UTC):   3/30/2011 7:20:18 PM

Connection State:   Online

Device Class GUID:   4D36E965-E325-11CE-BFC1-08002BE10318

Device Class Name:   DVD/CD-ROM drives

Device Name:   HL-DT-ST DVD-ROM DU10N

Device Compatible ID:   GenCdRom

Device Instance ID:   IDE\CDROMHL-DT-ST_DVD-ROM_DU10N__________________1.05____\4&3341A3E&0&0.1.0

Bus Type:   IDE

Device File-System Access:   Read - Only

Volume Label:   CD1

Volume Serial Number:   249E-FCDF

Device File System Type:   CDFS

I did not see a way to add the device class GUID or the device serial number.

I have added the class name, device name, device compatable id, device instance id

I would really appreciate any help.

2 Replies
Level 13
Report Inappropriate Content
Message 2 of 3

Re: Creating a rule to allow CD\DVD\ROM access.

You can use the user assignment group to exclude the users you want to use the cd-rom from the rule.

Re: Creating a rule to allow CD\DVD\ROM access.

That's correct. You can exclude the users/groups - you want to allow access.

- AB

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator