1 Reply Latest reply on Feb 23, 2012 2:10 PM by Moniker

    DLP rule blocked all USB storage

    notime

      Hi all,

       

      we created a rule to block all USB storage device except one USB ( we excluded it by VID and PID)  by following the below article

       

      but the rule blocking all USB storage as well the excluded one.

       

      https://kc.mcafee.com/corporate/index?page=content&id=KB60861

       

       

      any help ??

        • 1. Re: DLP rule blocked all USB storage

          Hi,

           

          USB is usually pretty straightforward. You need at least two device definitions. One device definition to cover all the unapproved USB drives you need to block and another device definition to cover the approved usb drives you want to allow.

           

          - I defined my "USB storage devices" defintion by bus type "USB" and file-system type with all file sytem types checked off.

          - I defined my "Approved USB storage devices" defintion by checking bus type "usb" and entering in the VID/PID values of the drives I need to allow.

           

          - Then create a rule that includes the non-approved USB drives and excludes the device definition for the approved usb drives.

           

           

          usb rules.png

           

          If this is exactly what you've already configured, I would call in to McAfee support and ask the DLP support rep to remotely connect and review your rule configuration.

           

          I hope any of this helps you.