
Using Peripheral Control Policy to block/allow Thunderbolt RAID storage devices

RE: https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/EndpointProtection/ConfigureDeviceControl/index.html

I can easily work with policies for blocking/exempting USB removable storage devices, but I have a LaCie Thunderbolt RAID and Sophos doesn't recognize it, so won't block it under my policy that blocks removable storage.  Is Sophos unable to recognize storage with Thunderbolt connections?



This thread was automatically locked due to age.
  • P.S. I'm running Macs that are Apple Silicon, on macOS Monterey (latest patched version).  Have not tried on Intel hardware.

  • Hi David, 

    Thanks for reaching out to the Sophos Community Forum.

    When performing a similar test with a Thunderbolt display cable, I was not able to see any events populated in the logs corresponding to device control.

    I suggest opening a support case with our team so that this can be looked into a bit further. You may want to have an SDU log ready so we can see if there are any mentions of device control events occurring when the peripheral is used.

    As a test, try setting all peripherals to "Block" and see if an event/alert will be generated when the removable device is plugged in/unplugged. 

    Kushal Lakhan
    Team Lead, Global Community Support