USB Port Read only, external drive for data protection.

Dear, 

I'd like to set all USB port is read only for external drive for data protection.

*File read to PC from external drive. <= support. Read only. 

*File copy from PC to external drive. <= Block. 

Would you please advise where & how can I set it with my sophos admin permission?

Thank you, 



Added tags
[edited by: Gladys at 11:52 PM (GMT -7) on 3 Oct 2022]
Parents
  • Thank you for reaching community forum. 

    Yes, this is possible with Data Control Policy. You need to create a content rule first. To understand more about Content Rule, refer to this Documentation. In your scenario, a file rule will be suitable though you need to define all file types you wish to block for the outward transfer direction. Also, you need to define the destination as well as their actions.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • Thank you for your adivse. 

    As my admin permission, I can see the menu in SOPHOS CENTERAL page as the image below. 

    Would you please advise where can I go to the menu to create the content rule?

  • You will need to navigate to "Endpoint Protection > Policies" to view the Data Loss Prevention policy for editing. 

    The Peripheral Control policy may also offer some options for controlling access to removable devices.
    For each peripheral type, you can change the access policy:

    • Allow: Peripherals are not restricted in any way.
    • Block: Peripherals are not allowed at all.
    • Read Only: Peripherals can be accessed only for reading.

    Sophos's options may not accomplish exactly what you're looking for, as they have slightly different use cases. 

    *File read to PC from external drive. <= support. Read only. 

    *File copy from PC to external drive. <= Block. 

    You can also use GPOs to control access to removable media. 
    - Computer Configuration > Administrative Templates > System > Removable Storage Access

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • You will need to navigate to "Endpoint Protection > Policies" to view the Data Loss Prevention policy for editing. 

    The Peripheral Control policy may also offer some options for controlling access to removable devices.
    For each peripheral type, you can change the access policy:

    • Allow: Peripherals are not restricted in any way.
    • Block: Peripherals are not allowed at all.
    • Read Only: Peripherals can be accessed only for reading.

    Sophos's options may not accomplish exactly what you're looking for, as they have slightly different use cases. 

    *File read to PC from external drive. <= support. Read only. 

    *File copy from PC to external drive. <= Block. 

    You can also use GPOs to control access to removable media. 
    - Computer Configuration > Administrative Templates > System > Removable Storage Access

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data