1 Reply Latest reply on Sep 11, 2013 10:47 AM by pboedges

    What and which are the definitions and rules to unblock 3G dongles?

      Hi all,

       

      My corporate environment uses:

       

      McAfee DLP Endpoint version 9.2.100.36

      McAfee ePO version 4.6.0

       

      I have created a few definitions and rules for the environment.

       

      First, I have set up two plug and play device definitions and the rule is to include (to block) them.

       

      From this definition we are able to block all insertions of Apple products into the computer. Similarly, we also created a definition for Samsung products and all we have to change is the vendor ID and also the device name to Samsung (Partial Match). It works for us fine.

      plug and play device definition details 2.jpg

       

      Second, I have set up three removable storage device definitions and the rules are as follows:

       

      To include (to block):

      block all usb.JPG

      To exclude (to not block):

      alllow cd dvd.JPGwhitelisted allow.JPG

      The 'Allow CD/DVD Drives' definition is to allow users to be able to use external CD drives on the laptop which doesn't have the internal CD drives and the 'Whitelisted Allow' definition is to let users have special granular access to thumbdrives that would be able to use on the computer.

       

       

       

      Here comes the question that I would need assistance with:

      I have users that needs to use 3G dongles when he/she brings the laptop out of office to work therefore needs the 3G dongle. Basically a 3G dongle is a portable device that is attached to a USB port so that the computer will be able to connect onto 3G network and these users whom require broadband Internet connectivity while on-the-go.

       

      1. I would help with the definition to be created so to say which defintion should be created? (There's plug and play device definition and also removable storage device definition.)
      2. In particular, which rule should be created? If we are creating a plug and play device defintion therefore a plug and play device rule will take place, right?
      3. What would be the fields that we would need to fill up in the definition itself?

       

      Thank you all so much!

        • 1. Re: What and which are the definitions and rules to unblock 3G dongles?
          pboedges

          Not 100% on this as i have not tested this (lack of device) but this is how i would go about creating the Rule.

           

          Device Definition would be Plug and Play Device Definition

          Parameter Name would be BUS TYPE (USB)

           

          This is the part that I am uncertain of

          Parameter Name would be USB CLASS CODE (Wireless Controller)

          or

          Parameter Name would be DEVICE CLASS (Wireless Communication Devices)

           

          Some devices i have found also register as Windows Portable Devices also listed under DEVICE CLASS.

           

          Your Plug and Play Device Rule would then exclude the new Definition for these devices.  You might want to see if you can tighten the rule using the serial number of the 3G device to ensure that only whats approved is used.