I am trying to create a Device Control policy in DLP to block USB thumb/jump/etc. drives and allow read access for USB physical-disk hard drives. Is there a way to do it? I know, sounds kind of crazy but it's a policy thing that I have to deal with. Thanks for any input or solutions!
ePO 4.0 P6
Message was edited by: gng4life on 12/27/10 9:01:11 AM CST
I tried that yesterday...made a device rule to block VID 0721 (Sandisk), enabled it, applied it, saved it, did a wake-up and nothing. I waited, tried again, etc., etc., still no luck. Have you done this successfully? Do you have a template of the rule? Thanks for the info...
OK, no problem, let's do it.
1. ePO > Menu > Data Protection > DLP Policy > Device Rules > Left Click and Add New
2. Add New Removable Device Storage Rule
3. In the wizard, create a new group by clicking "add Item..."
4. Select Bus Type and select USB
5. Select VID/PID codes (e.g. VID 0930 PID 6533, Kingston Datatraveler 2.0 in my case)
6. Select Reaction (Block, Monitor, etc.)
7. Select User Assignment (in my case "local users")
8. Click finish
9. In the new rule, left click and enable
10. Don't forget to apply!!
11. Go to Policy Catalog and create a copy of the default computers assignment group for Product DLP and Category CAG
12. Assign the new policy to users by clicking the selection box
13. Make ASCI
I got an answer back from McAfee support saying they didn't recognize the difference between thumb drives and spinning disk hard drives.
I tried the above example (it was very similar to what I already tried) and it does not block the SanDisk drive that I'm working on. I need to be able to block all Thumb drives by VID/PID if possible.
Any other suggestions?
You'd need to know the VID/PID of ALL thumb drives to do that.
Windows does not differentiate based on the storage type - they are all just USB storage devices as far as it's concerned.
I think I found a site that is updated pretty regularly with all USB drive manufacturers' VID/PID information...
I'm going to start with that but if anyone has a better idea, please let me know.
Also, do you know why only the VID did not block the drive access? I'm still testing but no luck so far...
Thanks for any assistance!
Message was edited by: gng4life on 1/5/11 12:18:35 PM CST
You can get the VID and PID from the HDLP monitor, just by viewing the result pane on the right. When a device is connected to the PC, HDLP sends the details to ePO (of course, first create one rule to monitor those events). The other way is opening compmgmt.msc > Device Manager, selecting the device and clicking Properties; on the Details tab you will find all the info that you need.
I hope you understand my poor English.
It is not impossible to do what you want, but you've got to do it in "reaction mode".
Good luck.
Message was edited by: HermanSchenk on 05/01/11 20:18:33 GMT-06:00
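The Device Manager lookup described in the last reply can also be scripted, which helps when building a VID/PID list for device rules across many drives. The following is an added example, not part of the thread and not McAfee tooling. It assumes a Windows endpoint with PowerShell 3 or later, and it reads the standard USB enumeration key in the registry, treating devices bound to the `USBSTOR` or `UASPStor` storage drivers as mass storage. It lists every USB storage device the machine has enumerated, whether thumb drive or hard disk.

```powershell
# Added example (not from the thread): inventory USB mass-storage VID/PID pairs
# that this Windows endpoint has enumerated, connected now or in the past.
$enumRoot        = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USB'
$storageServices = 'USBSTOR', 'UASPStor'   # bulk-only and UAS storage drivers
$idPattern       = '^VID_(?<vid>[0-9A-F]{4})&PID_(?<pid>[0-9A-F]{4})'

$devices = @(foreach ($hwKey in Get-ChildItem -Path $enumRoot -ErrorAction SilentlyContinue) {
    # Key names look like VID_0930&PID_6533; entries such as ROOT_HUB30 are skipped.
    if ($hwKey.PSChildName -match $idPattern) {
        $vendorId  = $Matches['vid'].ToUpper()
        $productId = $Matches['pid'].ToUpper()

        # Each subkey is one device instance (usually its serial number).
        foreach ($instance in Get-ChildItem -Path $hwKey.PSPath -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $instance.PSPath -ErrorAction SilentlyContinue
            if ($storageServices -contains $props.Service) {
                [pscustomobject]@{
                    VID         = $vendorId
                    PID         = $productId
                    Instance    = $instance.PSChildName
                    # DeviceDesc may be "@inf,%token%;Readable name"; keep the readable part.
                    Description = ("$($props.DeviceDesc)" -split ';')[-1]
                }
            }
        }
    }
})

# One row per VID/PID pair, with how many distinct instances were seen.
$devices |
    Group-Object -Property VID, PID |
    ForEach-Object {
        [pscustomobject]@{
            VID         = $_.Group[0].VID
            PID         = $_.Group[0].PID
            Instances   = $_.Count
            Description = $_.Group[0].Description
        }
    } |
    Sort-Object -Property VID, PID |
    Format-Table -AutoSize
```

Replacing `Format-Table -AutoSize` with `Export-Csv` produces a file that can be merged across endpoints before the VID/PID values are entered into a device rule.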