Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 6444 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device control, Removable storage and reporting

declantroy

I'm looking to implement a policy to prevent files being copied to removable storage - either a USB drive or a phone. I've had a policy in place for a while just to collect the data for reporting. I've Removable Storage, Secure Removable Storage, Bluetooth, Infrared and MTP/PTP all set to blocked.

I generate a report using the wizard to show all Device Control alert and event types which I receive each week by mail. This report shows lots of information but includes items such as the integrated webcam in laptops, MS wedge touch mouse, Surface Pro Pen etc. 

If I look in the DB I can see the DeviceTypeID field. Is it possible to see what each DeviceTypeID corresponds to - It looks like Phones are a 9 (as are the webcam), USB drives are 1 etc - where can I see a list of what each type is? Also how can I generate a report that will either only run for specific device types or at least export the device type with the report so I can filter out the ones I'm not concerned with. Finally if I enable the policy rather than just detect how does the system decide which USB devices are blocked - is that down to DeviceTypeID or something else entirely? 

Thanks



This thread was automatically locked due to age.
Parents
  • +1

    Hello declantroy,

    whatever you are up to please keep in mind that for device types other than Floppy, Optical, and Removable (excluding Secure Removable) you have only the choice of Full access or Blocked. Thus for Media (which covers protocols, currently MTP/PTP) types (phones, cameras, and so on) no access at all will be possible.

    how does the system decide which USB devices are blocked
    Detect     will generate events for devices used on endpoint computers when the policy would have been infringed - so if you have an event for a device it will be blocked then (or only R/O).

    Is it possible to see what each DeviceTypeID corresponds to
    The report is limited (but has the advantage that it can be scheduled). For Device Control the Event Viewer is the better tool as it shows the information in the Type column. Wonder what type these devices you've mentioned are.

    prevent files being copied
    Anyway - Device Control is not a magic wand (BTW - as you mention USB: Device Control is port agnostic). It depends on your requirements whether its use is feasible and reasonable. Feel free to ask if you need more information.

    Christian

Reply
  • +1

    Hello declantroy,

    whatever you are up to please keep in mind that for device types other than Floppy, Optical, and Removable (excluding Secure Removable) you have only the choice of Full access or Blocked. Thus for Media (which covers protocols, currently MTP/PTP) types (phones, cameras, and so on) no access at all will be possible.

    how does the system decide which USB devices are blocked
    Detect     will generate events for devices used on endpoint computers when the policy would have been infringed - so if you have an event for a device it will be blocked then (or only R/O).

    Is it possible to see what each DeviceTypeID corresponds to
    The report is limited (but has the advantage that it can be scheduled). For Device Control the Event Viewer is the better tool as it shows the information in the Type column. Wonder what type these devices you've mentioned are.

    prevent files being copied
    Anyway - Device Control is not a magic wand (BTW - as you mention USB: Device Control is port agnostic). It depends on your requirements whether its use is feasible and reasonable. Feel free to ask if you need more information.

    Christian

Children
Unfiltered HTML