Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 0 subscribers
  • Views 12430 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console Device Control SQL View

eca

Hello

When you go to the enterprise console and view exemptions from a Device control policy, it shows all valid exempted devices. Is there anyway to query the Sophos sql database to get the exact same list of exempted devices as the only table I can find relevant is the dbo.ExemptedDevices table but that shows devices that have been removed as well as the active exemptions as there doesn't seem to be a flag in the table that says Active/Inactive etc 

Thanks

Charlie



This thread was automatically locked due to age.
Parents
  • 0

    Hello Charlie,

    what's your final goal? May I point out that view[ing] exemptions from a Device control policy does NOT show all valid exempted devices - it shows only those exempted in this specific policy. The mentioned table is a hold-all. Not knowing what you are up to I nevertheless suggest that you look up the policies of  Type=16 in the dbo.Policies table and there the PolicyXML column.   

    Christian

  • 0 in reply to QC
    Hello Christian

    Thanks for the fast response! The final goal is basically we have created a start up script that records the device id of anything that is plugged into a usb port of all our computers (we was told Sophos doesn't record every time when a exempted device is plugged in , it only records when a blocked device is plugged in every time). What we want to do is compare the list of devices from the start up script with what we have in our exempted devices in our Device policy (we only use Removable Storage, Secure Removable Storage and MTP ) so we can remove any exempted devices that are not used any more (as there is no functionality to remove devices that have not been plugged in after a certain time)

    Kind Regards

    Charlie
Reply
  • 0 in reply to QC
    Hello Christian

    Thanks for the fast response! The final goal is basically we have created a start up script that records the device id of anything that is plugged into a usb port of all our computers (we was told Sophos doesn't record every time when a exempted device is plugged in , it only records when a blocked device is plugged in every time). What we want to do is compare the list of devices from the start up script with what we have in our exempted devices in our Device policy (we only use Removable Storage, Secure Removable Storage and MTP ) so we can remove any exempted devices that are not used any more (as there is no functionality to remove devices that have not been plugged in after a certain time)

    Kind Regards

    Charlie
Children
  • 0 in reply to eca

    Hello Charlie,

    don't fiddle with the ExemptedDevices (or any other) table, extract the exempted devices from the PolicyXML (should be fairly easy) and use the GUI to remove the ones no longer in use.

    Christian

Unfiltered HTML