
Protection Level Options for Removable USB Media & CD/DVDs


The File & Removable Media Protection product currently offers five “Protection Level” options for USB devices.

Please note that the below screenshot is taken from version 4.2 of the product.

For more information on the UI changes incorporated in v4.2, please refer to


Protection Level Option (1) : Allow Unprotected Access

If the Admin chooses this option, the product silently logs end-user activity in the background.

For more information on the audit logs captured for Removable USB Media, please refer to

Protection Level Option (2) : Allow Encryption (with offsite access)

This option was formerly known as EERM (Endpoint Encryption for Removable Media). It allows end users to encrypt USB devices and to read those encrypted devices on machines that do not have the McAfee Encryption software installed. This is a “container based” encryption approach. The secure container that holds the data can be unlocked using either a password or a certificate.

There is an initial provisioning step where the container needs to be created. The screenshot below shows the UI for the device provisioning.

After the initial provisioning step, there are no additional steps for the end user. On inserting an encrypted USB stick, the end user only has to provide the authentication credentials; on successful authentication, the user can "Add", "Remove" or "Create" files in the secure container area of the device.


Protection Level Option (3) : Enforce Encryption (with offsite access)

This option was formerly known as EERM (Endpoint Encryption for Removable Media). It is essentially the same as the previous option, except that it ensures end users cannot copy data to the USB device unless the device is encrypted.

The screenshots below show some of the options that are available with Protection Level Options (2) and (3).



Protection Level Option (4) : Enforce Encryption (onsite access only)

This option was formerly known as “Regular Encryption”. This is a “file based” encryption approach. The Administrator can configure the key with which files copied to the USB device are encrypted. In this case, encryption is enforced, which ensures that all files copied to the USB device are automatically encrypted with the configured key.

The encrypted files can be read only on machines that have the client installed (and have the necessary key). The end user does not have to configure anything when this option is selected.


With Protection Level Options (2), (3) or (4), when the device is inserted on the client the end user sees a padlock icon on the USB device drive and on the files in the device, indicating that they are encrypted and in a protected state.


Protection Level Option (5) : Block Write Operations

This option restricts USB devices to a read-only state. Egress operations from the device are allowed, but no data can be copied to the USB device.

Version history
Revision #: 1 of 1
Last update: 10-19-2013 10:54 AM
