Good day!
Recently we installed McAfee DLP 9.3 in our office.
We blocked all USB due to a security requirement, but after blocking the USBs all users are facing problems installing printers. As you know, most printers available in the market are installed over USB.
Kindly help me with how we can install all USB printers without opening up USB in our group.
An early reply will be highly appreciated.
Sorry, I can't understand. Is DLP 220.127.116.11 not a Business product?
Yes of course it is. I simply moved the discussion to the section where it will be handled better.
You should create a new device definition for USB printers with the following parameters:
Bus Type: USB
USB Class Code: 07h - Printer
Once you have this new device definition, simply exclude it from your blocking rule.
Thanks for your reply.
Can you guide me on where we have to put the USB Class Code?
Below is the screenshot where we have to put the value.
Your positive reply in this regard will be highly appreciated.
Your screenshot shows a Removable Storage Device Definition.
You will find the USB Class Code in a Plug and Play Device Definition.
Best practice is to block all USB devices at the PnP level rather than at the Removable Storage Device level.
I would block all unwanted USB devices at the PnP level and control access to authorized USB devices (who has access to what) at the Removable Storage Device level.
Sorry to disturb you again.
Can I make USB Block, USB Allow & USB Printer Allow rules separately?
Can you help me create those rules and the Plug and Play definition?
Thanks in advance; your kind co-operation in this regard will be highly appreciated.
Here is an example that you could use:
Create PnP Device Definitions:
1) Name= PnP All Devices
Bus Type= USB
Device Class= select all of them
2) Name= PnP Allowed USB
Filter using PID/VID/Serial number of authorized USB
Create a PnP Device Rule:
Name= Block USB Devices (except Allowed Devices)
Step 1 of 3= include "PnP All Devices", exclude "PnP Allowed USB"
Step 2 of 3= block, monitor (and notify)
Step 3 of 3= apply to all users (User Assignment Group that should contain Domain Users and Local Users if you use Active Directory)
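
The include/exclude logic described in the replies above (block all USB at the PnP level, exclude the allowed devices and the printer class 07h), modeled as an added example that is not McAfee's code and not part of the original posts. It can be used to check a device inventory against the intended rule before deployment. The device records, the allow-list entry and the function names are constructed for illustration; the ID layout follows Windows device instance ID and compatible ID conventions.

```python
import re

# Constructed sample inventory (not real devices): Windows-style device
# instance IDs plus the compatible IDs that carry the USB class code.
DEVICES = [
    {"instance_id": r"USB\VID_1111&PID_0001\PRN0001",
     "compatible_ids": [r"USB\Class_07&SubClass_01&Prot_02", r"USB\Class_07"]},
    {"instance_id": r"USB\VID_2222&PID_0002\STICK42",
     "compatible_ids": [r"USB\Class_08&SubClass_06&Prot_50", r"USB\Class_08"]},
    {"instance_id": r"USB\VID_3333&PID_0003\AUTH0007",
     "compatible_ids": [r"USB\Class_08&SubClass_06&Prot_50", r"USB\Class_08"]},
    {"instance_id": r"PCI\VEN_8086&DEV_0000\3&11583659&0&A0",
     "compatible_ids": []},
]

# Hypothetical allow-list standing in for the "PnP Allowed USB" definition.
ALLOWED_USB = {("3333", "0003", "AUTH0007")}
PRINTER_CLASS = 0x07  # USB Class Code 07h - Printer

ID_RE = re.compile(
    r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})(?:&[^\\]*)?\\(.+)$", re.I)
CLASS_RE = re.compile(r"^USB\\Class_([0-9A-F]{2})", re.I)

def usb_identity(instance_id):
    """Return (vid, pid, serial) for a USB instance ID, else None."""
    m = ID_RE.match(instance_id)
    return (m.group(1).upper(), m.group(2).upper(), m.group(3)) if m else None

def usb_classes(compatible_ids):
    """Collect the class codes advertised in the compatible IDs."""
    return {int(m.group(1), 16)
            for c in compatible_ids if (m := CLASS_RE.match(c))}

def decide(device):
    """Model of the rule: include all USB, exclude allow-list and printers."""
    ident = usb_identity(device["instance_id"])
    if ident is None:
        return "not-in-scope"            # bus type is not USB
    if ident in ALLOWED_USB:
        return "allow (allowed USB)"
    if PRINTER_CLASS in usb_classes(device["compatible_ids"]):
        return "allow (printer class 07h)"
    return "block"

def audit(devices):
    """Map each instance ID to the verdict the modeled rule would give."""
    return {d["instance_id"]: decide(d) for d in devices}

if __name__ == "__main__":
    for dev_id, verdict in audit(DEVICES).items():
        print(f"{verdict:28} {dev_id}")
```

A multifunction printer that enumerates as `USB\COMPOSITE` carries its class code on the child interface node, so the audit should be fed the interface-level records as well as the parent device.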