This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device Control - Not Working As Expected

Dear All

I've been testing out the Device Control policies and for a few months I have been collecting all of the USB disks by 'detecting but allowing to run'.    I have noticed though that the IronKey Basic Edition devices are recognised as 'Removable Storage' and not 'Secure Removable Device' as described in this Sophos article  http://www.sophos.com/support/knowledgebase/article/63102.html

Never the less I have added both the Basic and Enterprise editions of the Ironkey's to the exempt policy for 'Removable Storage'.  I have blocked all other devices.

Testing this on 5 OU's, (we sync Sophos with Active Directory) 4 out of 5 OU's work.  On one OU the new policy has applied but all machines in this OU can accept any USB device and the message I receive via email from those machines is this:-

Device control failed a notify installation operation: deviceId=USBSTOR\DISK&VEN_&PROD_USB_DISK_PRO&REV_PMAP\0766090001AF&0, errorCode=0x80070005.

I have rebooted the machines in question but to no avail and I have the same model of PC in OU's that work too?  Is it just a timing issue? Slowly, slowly, catch yer monkey?

Also, experince with different USB devices differs greatly too.  For instance one model of USB disk installs itself as a floppy disk drive (B) whilst another common USB key is identified by Windows as a CDROM?  (This is after applying the block policy - pre policy the USB key behaved as normal). Thus both device types are fully accessed even though I have received messages from both machines indicating to me that the policy has been applied and said devices were blocked! 

I can't exactly block CDROM drives and unfortunately you cant exempt devices of this type either (maybe a wish list request there!).

So experience so far is that the device control does not control all USB devices, so beware if you think you can roll out Ironkeys across your enterprise safe in the knowledge that the savages can't plug any old USB key into their machine! Because they can!   Unless I am missing something here?

Thanks

:765


This thread was automatically locked due to age.
Parents
  • I have opened a call with support about the policy not being applied and now I just need to run off some logs for further analysis.

    My contact at Ironkey will gladly send you a demo product to test with Sophos, but I can't for the life of me see how I can PM you? 

    Cheers

    :893
Reply
  • I have opened a call with support about the policy not being applied and now I just need to run off some logs for further analysis.

    My contact at Ironkey will gladly send you a demo product to test with Sophos, but I can't for the life of me see how I can PM you? 

    Cheers

    :893
Children
No Data