Showing results for 
Search instead for 
Did you mean: 
Level 7

EEFF\EERM Exclusions

We are deploying EEFF 4.2 to only encrypt USB devices. I realize that DLP has more capabilities for handling various devices. However, I would like to know how far I can get with EEFF\EERM alone. Are there any resources for exempting phones, tablets, ereaders, etc by manufacturer, for example Apple? I have EEFF deployed and the EPO logs show 700 devices so far. I can get a list of current devices from an EPO query, example below.


Since others have already deployed I was just wondering what resources were available to help with this. Otherwise I guess I am just monitoring, gathering devices and exempting.

This has been pushed up in the queue by Management so I under the gun to get it moving.

0 Kudos
1 Reply
Level 11

Re: EEFF\EERM Exclusions

"Device exemption” feature is based on the DeviceID (Device Instance Path), and devices are exempted based on a substring match.You can configure any search patterns or device IDs.

For instance if the Device ID was identified as USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_G3&REV_1.00\001CC0EC321DFBC0B7172686&0,any of the below strings will exempt the device from being encrypted

  • KINGSTON -> Would exempt all KINGSTON devices including the one above
  • DATATRAVELER -> would exclude all DATATRAVELER models including one above. The MAKE may or may not be KINGSTON
  • G3 -> Any device with G3 would beexcluded including the one above


For more information, refer to the articles below :

How to exempt devices by Vendor :

How to exempt by Device IDs :

Hope this helps

0 Kudos