I am running EEFF 4.2 in ePO and I have a policy that enforces encryption on removable media (USB devices) as users plug them in, however, I would like to add exemptions to the policies to specific devices. It looks like I'm taking the right steps per the Manual, but my devices aren't being exempt. The following is what I'm doing:
I plug in the device and get the Device Instant Path ID (Value) from the device. After I have that, I go to add it to my Exempt Device IDs:, but even after I save the changes, I'm still asked to encrypt the device after I plug it in.
Any idea what I'm doing wrong?
Jose A. Munoz Jr.
“Device exemption” is based on the "Device Instance Path ID" and devices are exempted based on a substring match.
For instance if the "Device Instance Path ID" was identified as USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_G3&REV_1.00\001CC0EC321DFBC0B7172686&0, then the below strings can be configured to exempt devices,
KINGSTON -> Would exempt all KINGSTON devices including the one above
DATATRAVELER -> Would exclude all DATATRAVELER models including one above. The MAKE may or may not be KINGSTON
G3 -> Any device with G3 would be excluded including the one above
The example outlined above demonstrates the use of a single entry in the exclusion list to indicate string based matching.
Can you also check if the configured policy is enforced on the client via the McAfee Tray Icon ?
For more information, refer to the articles below :
How to exempt devices by Vendor : https://kc.mcafee.com/corporate/index?page=content&id=KB69770
How to exempt by Device IDs : https://kc.mcafee.com/corporate/index?page=content&id=KB75531
Hope this helps..