Learn about the Benefits of Multi-Factor Authentication (MFA) . Turn your MFA on now!
Information: Three minute survey on Exploring more ways to contact Sophos Technical Supportt. If you can spare the time, we would love your feedback!
We'd love to hear about it! Click here to go to the product suggestion community
I'm getting a lot of events for "Multiple Card Reader USB Device" being blocked by the Removable Storage policy.
If i add an exemption for these devices, should the policy still continue to block any devices plugged into the card reader device? (eg SD cards etc)
the multiple readers normally create one empty device per slot as soon as they are plugged in (even without an actual media inserted). And when these devices are disabled cards that are subsequently plugged aren't recognized. If they are not blocked (exempted) insertion of a card is a volume mount that is AFAIK not subject to Device Control.Did you test it?
In reply to QC:
Thanks, I'm going out to site to test it with an SD card today. Its just a bit annoying when looking through the Device Control Event Viewer as it sems to generate events on every system under the NT AUTHORITY/LOCAL SERVICE account - presumably its detecting the reader at Startup? Don't mind seeing events when logged on users are trying to plug devices into the card reader but not when they're not even in use.
In reply to Buck:
in simple terms it's up to the device and its driver whether it's present without a volume mounted or not (a CD/DVD drive is usually "there" without a disc) and if it is there at startup DevCtrl will detect (and potentially disable) it then, and not only when a volume is inserted.
In most cases, mine are HP or Lenovo laptops with a built-in SD card slot. I guess its just a case of putting up with the events. I'll test further today but don't really want to create exemptions if it means it then circumvents the device controls 'Blocked' status.
Thanks for your responses, very helpful.
just tested a Lenovo T450, set the policy (but did not boot the laptop) to block Removable Storage and MTP/PTP. No alert for the empty SD slot but for the camera.