What is the easiest way to whitelist a removable storage device?
At the moment to whitelist PnP devices we have created a whitelististed plug and play device definition which appears to be working.
For removable storage blocking, we have created two definitions "included RS" and "excluded RS", included grabs everything and is included in the device rule whilst excluded is a definition that has product/vendor IDs of devices that we dont want blocked. Is this the best way to achieve this?
Final question...apart from physically plugging a device you want "allowing" into a machine, does dlp create any local log files that include IDs locally on machines?