Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 9 subscribers
  • Views 3994 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exempting Individual Bluetooth Devices Not Working

Harry Rattigan

Hi,

I have blocked all Bluetooth devices on Sophos Central. However, when making an exemption on individual devices (mice, headphones, etc.) they still don't work. I then just made exemptions for all devices of a specific user, but that appears to have turned Bluetooth back on for everyone. So the devices now work, but Bluetooth is back on my computer.

Can exemptions even be made for individual Bluetooth devices or does that not work if Bluetooth is disabled in general?

Any help would be greatly appreciated.

Thanks



This thread was automatically locked due to age.
  • 0

    Hello Harry Rattigan,

    to make sure what it is you want to achieve and which steps you have performed.
    You are blocking Bluetooth in your base policy? You now have a list of blocked devices and want to permit (exempt) certain devices - certain models for all users or specific devices (AFAIK not all devices report a DeviceID) for individual users?
    exemptions for all devices of a specific user [...] turned Bluetooth back on for everyone
    did you create a new policy and assigned it to this user?

    Christian   

  • 0 in reply to QC

    Hi Christian,

    I didn't change the Base Policy for Peripherals. I just made a new one above it that blocks most devices and it has worked for the most part. I was trying to make certain users' devices exempt in that new policy I made, but Bluetooth seems to have been turned back on for everyone. I think it's because I made the Intel Wireless Bluetooth model exempt, which is on most users' computers.

    Should I just remove the exemptions and make another policy on top of that one that allows Bluetooth for those specific users?

    Harry

  • +1 in reply to Harry Rattigan

    Hello Harry,

    made a new one above it
    this policy is assigned to ... all computers or all users? turned back on for everyone If I understand correctly you are not blocking with the base policy but a new one. And now you want to make exemptions that apply only to certain users, correct? If so, you need another policy (with higher priority) that generally blocks Bluetooth but exempts certain devices and assign it to the users in question. Please note that while the list of detected peripherals contains an originating device and an associated user an exemption made for this device is not automatically applied to this computer and/or this user.

    Christian 

  • 0 in reply to QC

    The new policy I made is assigned to all computers at the moment.

     

    Yes, I am not blocking with the base policy, but a new one.

     

    So I will make a high priority policy for the specific users.

    When I select Add Policy and choose Feature: Peripheral Control, should I use Type: User or Type: Device?

  • 0 in reply to Harry Rattigan

    Hello Harry,

    only one policy of a certain type wins (How are policies prioritized?). If you want that these Bluetooth devices are only available to certain users it's a User policy. If OTOH you have some computers (devices) that have no USB peripherals you'd want a Device policy.
    Bonus question (inspired from the question asked here but never really answered): Is it possible that only certain users are permitted to use Bluetooth on certain computers only (neither should these users be able to use to BT peripherals on other computers nor should other users be able to use BT on any computer)? And if so, how?

    Christian

  • 0 in reply to QC

    Hi Christian,

    Making another policy above the other one appears to have resolved the issue. Just having a play around with it to make sure it's working well.

    I'll post again if there are more issues. Thank you very much for your help.

    Many thanks,

    Harry

Unfiltered HTML