cancel
Showing results for 
Search instead for 
Did you mean: 
akghauri
Level 7

How to Allow Printer in DLP

Dear Concern,

Good Day !

Recently we installed Mcafee DLP 9.3 in our office.

We blocked all USB due to security requirement, but after block the USBs all users are facing problem in installation of Printers. As you know mostly printers are available in the market that are installed on USB.

Kindly help me how we can install all USB printers without opening of USB in our group.

An early reply will be highly appreciated.

Regards

Ashfaque Ghauri

0 Kudos
14 Replies
exbrit
Level 21

Re: How to Allow Printer in DLP

Moved from Home products to Business > DLP for better attention.

0 Kudos
akghauri
Level 7

Re: How to Allow Printer in DLP

Sorry I can't understand DLP 9.3.100.73 is not Business product ?

0 Kudos
exbrit
Level 21

Re: How to Allow Printer in DLP

akghauri wrote:

Sorry I can't understand DLP 9.3.100.73 is not Business product ?

Yes of course it is.  I simply moved the discussion to the section where it will be handled better.

0 Kudos
akghauri
Level 7

Re: How to Allow Printer in DLP

Ok ! Thanks

0 Kudos
fstellamans
Level 7

Re: How to Allow Printer in DLP

Hello akghauri,

You should create a new device definition for USB printers with the following parameters:

Bus Type: USB

USB Class Code: 07h - Printer

Once you have this new device definition, simply exclude it from your blocking rule.

Regards,

F-X Stellamans

0 Kudos
akghauri
Level 7

Re: How to Allow Printer in DLP

Thanks for your reply.

Can you guide me where we have to put USB Class Code ?

Below is the screen shot where we have to put the value.

Awaiting your positive reply in this regards will be highly appreciated.

Regards

usb_printer_allow.jpg

0 Kudos
fstellamans
Level 7

Re: How to Allow Printer in DLP

Your screenshot shows a Removable Storage Device Definition.

You will find the USB Class Code in a Plug and Play Device Definition.

Best practice is to block all USB devices at the PnP level rather than at the Removable Storage Device level.

I would block all unwanted USB devices at the PnP level and control access to authorized USB devices (who has access to what) at the Removable Storage Device level.

Regards,

F-X Stellamans

0 Kudos
akghauri
Level 7

Re: How to Allow Printer in DLP

Sorry for disturb you again.

Can I have make USB Block, USB Allow & USB Printer Allow rules separately ?

Can you help to me create that rules and Plug and Play definition ?

Thanks in advance for your kind co-operation in this regards will be highly appreciated.

Regards

plug_N_play.jpg

0 Kudos
fstellamans
Level 7

Re: How to Allow Printer in DLP

akghauri,

Here is an example that you could use:

Create PnP Device Definitions:

1) Name= PnP All Devices

     Bus Type= USB

     Device Class= select all of them

2) Name= PnP Allowed USB

     Filter using PID/VID/Serial number of authorized USB

Create a PnP Device Rule:

     Name= Block USB Devices (except Allowed Devices)

     Step 1 of 3= include "PnP All Devices", exclude "PnP Allowed USB"

     Step 2 of 3= block, monitor (and notify)

     Step 3 of 3= apply to all users (User Assignment Group that should contain Domain Users and Local Users if you use Active Directory)

0 Kudos