How to block all USB drives and set exclusions (2024)

Technical Articles ID: KB86007
Last Modified: 2023-03-16 08:42:51 Etc/GMT

Environment

Data Loss Prevention Endpoint (DLP Endpoint) - all supported versions

For supported environments, see KB68147 - Supported platforms for Data Loss Prevention Endpoint.

Summary

This article explains how to block all USB drives using DLP Endpoint while leaving other types of USB hardware, such as keyboards and mice, unaffected. It also explains how to set exclusions for authorized USB drives.


Steps to block all USB drives using DLP Endpoint:

  1. Log on to the ePolicy Orchestrator (ePO) console.
  2. Click Menu, Data Protection, DLP Policy Manager.
  3. In Definitions, click Device Control, Device Templates.
  4. Click Actions, New Item, Removable Storage Device Template.
  5. Enter Block USB drives as the name of the definition.
  6. Add the Bus Type property and change the value to USB. Leave the Comparison to Equals.
  7. Click Save.
  8. Create a Rule Set or open an existing Rule Set.
  9. In the selected Rule Set, click Device Control, Actions, New Rule, Removable Storage Device Rule.
  10. Name the rule Block All USB drives Removable Storage Device Rule.
  11. Change State to Enabled.
  12. Select the appropriate users to assign the rule.
  13. In Removable Storage, select Block USB Drives in the context menu.
  14. Click the Reaction tab and select Block under the Prevent Action drop-down list.
  15. Configure User Notification and Report Incident as appropriate.
  16. Under the Computer disconnected from the corporate network section, leave the Prevent Action set to React the same way as connected system.
  17. Click Save.
  18. If a new Rule Set is created, select Activate the Rule Set in DLP Policy in the Policy Catalog.
  19. If no new Rule Set is created, navigate to the Policy Assignment tab in the DLP Policy Manager and apply the appropriate policy.


Steps to add an exclusion for specific USB drives authorized for use:

  1. Click Start, Run, type explorer, and click OK.
  2. Right-click My Computer, and select Manage.
  3. In System Tools, click Device Manager.
  4. At the top of the Computer Management window, click the View menu option and select Show hidden devices.
  5. Insert the USB drive to be excluded.
  6. Look for any additions that display in the Computer Management list. Typically, the additions display under Storage volumes, but they can also display in Disk Drives or similar locations.
  7. Right-click the device found in the Computer Management list, and click Properties.
  8. Click the Details tab and look for one of the following entries in the drop-down list:
    • Device Instance ID
    • Device Serial Number
    • Vendor ID / Product ID
  9. Copy (Ctrl+C) the displayed entry. This entry is used again in step 8 of the following procedure.

Return to the DLP Policy Manager in the ePO console to perform the following steps:

  1. Log on to the ePO console.
  2. Click Menu, DLP Policy Manager.
  3. In the DLP Policy Manager, click the Definitions tab.
  4. Expand Device Control and select Device Templates.
  5. Click Actions, New Item, Removable Storage Device Template.
  6. Name the definition Excluded Drives.
  7. Add the USB (VID/PID Codes) property.
  8. Leave the Comparison set to Equals and add the Vendor ID (VID) and Product ID (PID) gathered in the previous steps.
  9. Click Save.
  10. Go back to DLP Policy Manager, click the Rule Set tab, and click the Rule set created in Solution 1, Step 18.
  11. On the Device Control tab, select the Block All USB Drives Removable Storage Device Rule created in Solution 1.
  12. Click the Exceptions tab, and then click the Excluded Device Templates section. Next to Removable Storage is one of (OR), click the Selection (gray box with 3 dots) button and select Excluded Drives.
  13. Click Save.
  14. Click Close in the DLP Rule Set.
  15. Click Policy Management.
  16. Apply the policy by clicking Actions, Apply Selected Policies and select the appropriate policy.
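The Device Instance ID copied from Device Manager already contains the VID and PID that the Excluded Drives template needs. The following added example (not part of the original article or the vendor's tooling) splits such IDs into VID, PID and serial number, and groups them to show that a VID/PID pair identifies a product model, not an individual drive. The function names and the sample IDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Windows USB Device Instance ID: USB\VID_xxxx&PID_xxxx[&MI_xx]\<instance>
_USB_ID = re.compile(
    r"^USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&MI_[0-9A-F]{2})?\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed sample values, not taken from real hardware.
SAMPLE_IDS = [
    r"USB\VID_1A2B&PID_3C4D\AA00000000000001",
    r"USB\VID_1A2B&PID_3C4D\AA00000000000002",
    r"usb\vid_5e6f&pid_0001\6&2A1B3C4D&0&2",
    r"USBSTOR\DISK&VEN_EXAMPLE&PROD_FLASH&REV_1.00\AA00000000000001&0",
    r"HID\VID_1111&PID_2222\7&1A2B3C&0&0000",
]

def parse_usb_instance_id(instance_id):
    """Return VID, PID and serial for a USB\\VID_..&PID_.. ID, else None."""
    m = _USB_ID.match(instance_id.strip())
    if m is None:
        return None  # USBSTOR\..., HID\... and similar are not parsed here
    instance = m.group("instance")
    # When a device reports no serial number, Windows generates the instance
    # part itself; generated values have '&' as their second character.
    generated = len(instance) > 1 and instance[1] == "&"
    return {
        "vid": m.group("vid").upper(),
        "pid": m.group("pid").upper(),
        "serial": None if generated else instance,
    }

def group_by_model(instance_ids):
    """Map (VID, PID) to the serials seen, i.e. what one VID/PID entry covers."""
    models = defaultdict(lambda: {"serials": [], "without_serial": 0})
    for raw in instance_ids:
        parsed = parse_usb_instance_id(raw)
        if parsed is None:
            continue
        entry = models[(parsed["vid"], parsed["pid"])]
        if parsed["serial"] is None:
            entry["without_serial"] += 1
        else:
            entry["serials"].append(parsed["serial"])
    return dict(models)
```

If one VID/PID pair maps to several serials, an exclusion built on VID/PID alone authorizes every drive of that model; a drive listed under `without_serial` cannot be told apart by serial number at all.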

Steps to add an exclusion for encryption applications that reside on USB drives:

  1. Log on to the ePO console.
  2. Click Menu, DLP Policy Manager.
  3. In the DLP Policy Manager, click the Definitions tab.
  4. Expand Source/Destination and select Process Name.
  5. Click Actions, New.
  6. Name the Process Name definition USB Excluded Processes.
  7. Add the appropriate process name that corresponds with the encryption application on the USB drive in the Process Name field.
  8. Click Add, Save.
  9. Click Save.
  10. Open the Block All USB Drives Removable Storage Device Rule created in "Solution 1."
  11. In the Process Name section, next to is none of (NOT), click the Context menu and select USB Excluded Processes.
  12. Click Close in the DLP Rule Set.
  13. Click Policy Management.
  14. Apply the policy. Click Actions, Apply Selected Policies and select the appropriate policy.

Affected Products

  • Configuration
  • Data Loss Prevention Endpoint 11.9.x
  • Data Loss Prevention Endpoint 11.6.x (EOL)
  • Data Loss Prevention Endpoint 11.10.x

Article information

Author: Eusebia Nader
