I have in the past build a Device rules that works fine with Win7 environment.
But since our company introduced Win8.1 to the fleet, looks like the rule is not working properly now
So what I have are :
- Removable Storage Protection Rules : which monitor all files written onto removable storage [ USB stick or USB HDD ]
- Plug and Play Device Rules : which block Device Class : Windows Portable Devices
The above combination works fine before as it blocks all attempt to connect phones onto machines [iPhone , Androids] and writing file to usb storage can be recorded.
Then come Win8.1 which when a USB hdd or USB flash drive plugged to it, it will detect the device as Portable Devices.
[for newer devices only , as my old Lacie 2GB is not treated as Portable device but my new 16GB is ]
ie my Seagate FlexGo enumerated 2 devices when I plug it in onto a Win8.1
And since I have a block of WPD , looks like my RSPR rule is not working anymore.
Just wondering how you construst the protection rules to accomodate win8.1 ?