Showing results for 
Search instead for 
Did you mean: 

USB block rule to be enable

Dear Team, We are requesting you to create the rule for USB drives (Pen-drive, hard drive and mobiles) disable and enable rules in our EPO. Kindly do the needful.
2 Replies
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: USB block rule to be enable


Please see below note from Page 66 of DLP 11.2 Product Guide. 


Create a plug-and-play device rule
Use plug and play device rules to block or monitor plug and play devices. They are supported on both McAfee
DLP Endpoint for Windows and McAfee DLP Endpoint for Mac. On macOS computers, support is for USB
devices only.
A plug and play device is a device that can be added to the managed computer without any configuration or
manual installation of DLLs and drivers.
For plug and play device rules to control Microsoft Windows hardware devices, the device classes specified in
device templates used by the rule must be set to Managed status.


1 In McAfee ePO, select Menu | Data Protection | DLP Policy Manager | Rule Sets.
2 Select Actions | New Rule Set, or edit an existing rule set.
3 To open the rule set for editing, click the rule set name. Click the Device Control tab.
4 Select Actions | New Rule | Plug and Play Device Rule.
5 Enter a unique rule name.
6 (Optional) Change the status and select a severity.
7 Deselect the McAfee DLP Endpoint for Windows or McAfee DLP Endpoint for Mac OS X checkbox if the rule applies to
only one operating system.

8 On the Condition tab, select one or more plug and play items or groups.
When saving the rule, the template used to create the items or groups is validated against the operating
systems selected in the Enforce on field. If they don't match, an error message displays. You must correct the
error by deleting templates or changing the selected Enforce on operating system selected before you can save
the rule.
9 (Optional) Assign end-user groups to the rule.
10 (Optional - Windows only) On the Exceptions tab, select a whitelisted device template and fill in the required
You can add multiple exceptions by adding more than one whitelisted item or a whitelisted plug and play
11 (Optional - Mac only) On the Exceptions tab, select a device template and fill in the required fields.
You can add multiple exceptions by adding more than one item or plug and play group.
12 On the Reaction tab, select an Action. Optional: Add a User Notification, and Report Incident.
If you don't select Report Incident, there is no record of the incident in the DLP Incident Manager.
13 (Optional) Select a different action when the end user is working outside the corporate network, or is
connected by VPN.
14 Click Save.


Re: USB block rule to be enable

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community