2 Replies Latest reply on Apr 12, 2011 4:25 PM by amiyabisoi

    Creating a rule to allow CD\DVD\ROM access.

      I am trying to tweak an existing rule to allow a certain group access to their cd\rom when they logon and deny all others.

      I am using DLP

      The events come in with the information showing the drive has been blocked, even for those I want to be able to access.

      I have tried entering the information from this event to allow access, without success.

      ie :

      Event Generated Time (Endpoint):   3/30/2011 2:35:08 PM

      Event Generated Time (UTC):   3/30/2011 7:35:08 PM

      User Name:  

      Computer Name:   KFNBMOBILE18

      Associated Rules:   Executive Block Removeable Mass Storage except CD

      Agent Action(s):   Block, Monitor, Notify User

      Agent Version:

      Policy Name:   DLP Security Policy

      Policy Time (UTC):   3/30/2011 7:20:18 PM

      Connection State:   Online

      Device Class GUID:   4D36E965-E325-11CE-BFC1-08002BE10318

      Device Class Name:   DVD/CD-ROM drives

      Device Name:   HL-DT-ST DVD-ROM DU10N

      Device Compatible ID:   GenCdRom

      Device Instance ID:   IDE\CDROMHL-DT-ST_DVD-ROM_DU10N__________________1.05____\4&3341A3E&0&0.1.0

      Bus Type:   IDE

      Device File-System Access:   Read - Only

      Volume Label:   CD1

      Volume Serial Number:   249E-FCDF

      Device File System Type:   CDFS


      I did not see a way to add the device class GUID or the device serial number.

      I have added the class name, device name, device compatable id, device instance id


      I would really appreciate any help.