I have ePO 5.1 with the latest Device Control (removable devices). I am trying to block all USB memory sticks. I have defined the rules as per KB60861 and KB78585.
But the above step did not work for me. But when I set the rules to include the default "All removable USB Storage" instead of just the custom "Removable USB storage" rule, then it works fine. What's causing this behavior?
Could you walk through the rule you created? DLP will react to the rule as an "and" statement, meaning if you choose "USB" and also "CD/DVD" then it's looking to block CD/DVD drives connected via USB only.
I think the part you're missing, if you followed those KB articles, is how you applied it to the users or computers.
At the very end of the rule, did you add a user assignment group? If you did not, then did you add the rule as a computer-based policy in the system tree? If the answer is also no, that is why your rule is not doing anything.
I have made this a computer-based policy. The same setting works fine for Windows 2008 R2, whereas for Vista OS it doesn't. So for Vista OS I made the rule to include "All removable USB Storage".
My objective is to block all removable devices. Is there any risk involved with my approach? My worry is that it should not block keyboard/mouse etc.
Also is there any variation in the DLP behavior from one hardware model to another hardware model?
Keyboard and mouse don't apply for 2 reasons. First, they are not a part of the removable storage classification. You would have to block them using a Plug and Play rule.
That being said, the PnP rule wouldn't work if you specified keyboard and mouse because DLP sees these as unmanaged classes. To configure the rule to block them you would have to block the USB hub itself on the system board.
If the rule works on one machine but not the other, my guess is the policy isn't getting assigned correctly for some reason down to the machine.
I support Tonny. You should include not only the USB protection rule, but also the Plug and Play device protection rule. And it is better to test all the devices in a real environment. Technical support says that some devices may not be monitored :-)