cancel
Showing results for 
Search instead for 
Did you mean: 
ryanoc
Level 7

DLP How Do I Allow Specific USB Devices?

My network is running ePO V4.0 with DLP V9.0.1.7

I've been through a basic training course for HBSS and we went over how to allow specific USB devices, but I don't seem to be putting in the information correctly because I can't get it to work.

My desired outcome would be all, but approved, USB devices would be blocked and deny access. I think it may be how I enter the serial number for the device itself.

I have a definition made for specific Approved USB Devices. Under USB Device Serial Number, I have tried 1110250021E3&0 as it appears in my registry, 1110250021E30, and 16A0CD8B as it appears in msinfo32.

I have another definiton - Bus Type: USB - Block On/Off, Monitor On/Off, Notify On/Off

Under Device Rule, my rule has Bus Type: USB - Block On/Off, Monitor On/Off, Notify On/Off is checked for Include, and my Approved device definition for Exclude.

When I plug in the aprroved device, I still recieve the Pop-Up message stating the device is blocked, and access to the drive is denied.

Also, I am making sure the policy is applied, and the machine I am testing on has the new policy.

Can anyone provide me some info as to what I may be doing wrong, or maybe an example of a working setup I may reference?

0 Kudos
2 Replies
virgona
Level 9

Re: DLP How Do I Allow Specific USB Devices?

You can find blocked device id from DLP monitor, then add it into your approved list.

0 Kudos
tonyw
Level 12

Re: DLP How Do I Allow Specific USB Devices?

The installation guide suggests running in a monitor only mode during initial deployment so you can do as virgona suggests: collect the device information from the monitor and use that to build your excluded device list without impacting the environment.

0 Kudos