Showing results for 
Search instead for 
Did you mean: 
Level 7

EEFF 4.x Question: How to Exempt Removable Media

I am running EEFF 4.2 in ePO and I have a policy that enforces encryption on removable media (USB devices) as users plug them in, however, I would like to add exemptions to the policies to specific devices. It looks like I'm taking the right steps per the Manual, but my devices aren't being exempt. The following is what I'm doing:

I plug in the device and get the Device Instant Path ID (Value) from the device. After I have that, I go to add it to my Exempt Device IDs:, but even after I save the changes, I'm still asked to encrypt the device after I plug it in.

Any idea what I'm doing wrong?

Thank you,

Jose A. Munoz Jr.

0 Kudos
1 Reply
Level 11

Re: EEFF 4.x Question: How to Exempt Removable Media

“Device exemption” is based on the "Device Instance Path ID" and devices are exempted based on a substring match.

For instance if the "Device Instance Path ID" was identified as USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_G3&REV_1.00\001CC0EC321DFBC0B7172686&0, then the below strings can be configured to exempt devices,

    KINGSTON -> Would exempt all KINGSTON devices including the one above

    DATATRAVELER -> Would exclude all DATATRAVELER models including one above. The MAKE may or may not be KINGSTON

    G3 -> Any device with G3 would be excluded including the one above


The example outlined above demonstrates the use of a single entry in the exclusion list to indicate string based matching.

Can you also check if the configured policy is enforced on the client via the McAfee Tray Icon ?

For more information, refer to the articles below :

How to exempt devices by Vendor :

How to exempt by Device IDs :

Hope this helps..

0 Kudos