I'm looking for some ideas on how to manage removable media. I can't be the only one that's noticed Sophos Central does not give full device IDs in logs or events. The only time I see the full ID is the first time it's blocked. For example, I go into Central and view the current allowed devices in my removable media policy and all I can see is: USBSTOR\DiskGeneral_USB_Flash_Disk_1100. Like many companies, we bulk purchase flash drives. This means that every single device in my exclusion list looks identical. I have no way of removing or troubleshooting a specific device. Also a problem is logs. If I'm going through logs I can't tie a specific user's activity to a specific device. My only option is to create a new rule for every single user with the media they're allowed to use. This would get out of hand quickly. I've opened tickets with Sophos support and they say it's a "feature request". I feel like this feature is vital to managing removable media on my network. I'm really hoping that I'm just missing or misunderstanding something in Central. So how do you go about using Sophos Central to manage your removable media?
This thread was automatically locked due to age.
