I'm looking for some ideas on how to manage removable media. I can't be the only one that's noticed Sophos Central does not give full device IDs in logs or events. The only time I see the full ID is the first time it's blocked. For example, I go into Central and view the current allowed devices in my removable media policy and all I can see is: USBSTOR\DiskGeneral_USB_Flash_Disk_1100. Like many companies, we bulk purchase flash drives. This means that every single device in my exclusion list looks identical. I have no way of removing or troubleshooting a specific device. Also a problem is logs. If I'm going through logs I can't tie a specific user's activity to a specific device. My only option is to create a new rule for every single user with the media they're allowed to use. This would get out of hand quickly. I've opened tickets with Sophos support and they say it's a "feature request". I feel like this feature is vital to managing removable media on my network. I'm really hoping that I'm just missing or misunderstanding something in Central. So how do you go about using Sophos Central to manage your removable media?
If you have observed, when you access the peripheral policy, there are three options and you can only put the Exemption in the third option.
While adding the exclusions, all the peripherals detected in your company will be listed under it and you can choose the peripheral for which you want to provide exclusion by confirming the user mentioned against that USB drive. This can give you more narrowed visibility for the device which you wanted to allow.
Jasmin Community Support Engineer | Sophos Support Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link
Correct, this does the trick for when I want to allow a device. What about when I want to remove a specific device? Not possible because the full device ID isn't list anywhere.