"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article describes the enhanced functionality available with Sophos device control in Endpoint Security and Control.
Applies from the following Sophos product(s) and version(s) Sophos Endpoint Security and Control
Sophos Device Control now allows an administrator to manage the use of storage devices, network interfaces and media devices connected to all managed endpoints. The following devices are supported:
Note: External hard disks - Sophos device control will recognize these provided they report themselves as such to the operating system. This is brand dependent, some brands of external hard disk do not report their status to the operating system. In these cases, Sophos device control will not recognize them as external.
Sophos device control is 'port agnostic' which means that it will support any port used to connect the device. This includes USB, FireWire, SATA and PCMIA interfaces.
Guidelines for creating and rolling out policies are in the Enterprise Console Policy setup guides.
Each device type supports both device instance and model exceptions. This means that a USB key which belongs to a given individual can be exempted from the removable storage block policy. It also means that all (for example) Verizon USB modems could be exempted by model type from the modem block policy. Exceptions can be commented so it’s easy to record who requested the exception and when.
Exceptions are made easy to manage using the device control event viewer. This is a new reporting tool available within Enterprise Console. It enables you to quickly filter events generated by the device control policy. Events generated by devices being blocked can then be used to authorize those devices.
Note: Exempting individual devices is based on the device having a unique device instance ID. See article 110566 for more information.
Customized desktop messaging can be displayed when a device is blocked. The message can be used to direct end users to a copy of your acceptable use policy or provide IT team contact details.
Device control reports can be scheduled and provide detailed trend reports on topics such as all devices blocked over the past month or the top 20 users with devices blocked over the quarter.
On the dashboard the administrator can track the number of endpoints which have recorded device control events over the past seven days. The threshold for an endpoint being flagged in the dashboard can be configured and this data is used to track unusual or exceptional behavior on managed endpoints. The computer list view in SEC can also provide a view of endpoints sorted by the number of device control events recorded over the previous seven days.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.