How to Add USB Device Exemption for New USB Devices

I have for the last several months had my Device Policy set to "Detect but do not block".

I have finally unchecked this option to start effectively blocking access to removable storage devices.

So here is my question.  Now that the Device Policy is set to block, if I have an employee who brings a personal USB device from home and I choose to allow them to use it on a limited basis of some sort, how do I go about adding the device to the exemption list?

From what I am experiencing, with the Device Policy now set to "blocking", when a user adds a USB thumb drive to their PC, it does not allow the device to install and therefore does not appear to get reported to the Enterprise Console at all.

I wasn't sure how that process worked and if what I am experiencing is normal or abnormal.  I would have thought it would allow the device to be installed, detect it, get its device ID, report it to EC and apply the policy to either block, allow, read-only, etc., and if reported and needed you could easily exempt the device.

But from what I am currently experiencing, in order to exempt the newly introduced device, I will have to change the Device Policy to "Detect but do not block" long enough for the device to be detected, add the exemption and then change the Device Policy back to "blocking" mode.

I do have a support ticket on another issue regarding USB devices and will address it with them when I have contact with them again.

In the meantime while I am waiting, I was curious if anyone else had any knowledge on this process and how it worked.

Thanks!

:33895


  • Hello taekwanleap,

    If a device is blocked there should be an entry in the Event Viewer. Guess that for devices installing their own drivers the information is, naturally, not complete though. Thus it might get blocked as a rather generic device - which you wouldn't want to allow. So a special "check-in" procedure might in fact be necessary,

    Christian

    :33899
  • Hi Christian,

    It does create an entry in the Event Viewer - as long as I have the Device Policy set to "Detect but do not block".  So right now - when a user attaches a USB device that is blocked - it does not get logged in order for me to make an exemption even if I wanted one.

    So not sure how to add a new device exemption other than periodically setting the Device Policy back and forth to "Detect but do not block".  But that is a burdensome process to have to do.

    As my dad always says:  "Every solution creates another problem!"

    So - if the Device Policy is set to block all devices - shouldn't it at least report it in the Event Viewer and if it isn't reporting the event - then maybe there is a problem needing to be fixed with Sophos Tech Support.

    Again, I have a ticket open with them on another separate issue regarding USB devices.  So I'll try to get this issue addressed on the current open ticket.

    Right now - it flat out won't allow the device to install the device drivers with it set to block.  And doesn't even report to the Event Viewer that the device tried to install and blocked it.

    :33901
  • Wow - that was interesting.  It took FOREVER before Enterprise Console logged the blocked device event.  I am not sure the time span but I just now checked and the blocked event is just now appearing.

    So now I will try to exempt the device and see if it works correctly.

    Sorry for the confusion.  Just not patient enough I don't guess.

    Again - thanks Christian for your post.  I'll post back in a bit to let you know if it works or not.

    Thanks much!

    :33903
  • Well - my new USB device is now exempted.  So all is well.  Just took like 4 hours before the EC updated to show the blocked event.  Crazy thing.

    :33905