Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 6449 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ESC- Device Control – Portable Device

BopBop

Hi

We have set up some basic  Device Control policy for our organization – Floppy Drive, Removable storage, Secure Removable storage. They are working great. But recently I found that some digital camera which are categorize as “portable device” instead of Removable storage doesn’’’’t detect by ESC.

 Even though camera is connected via USB  port neither Win OS or Sophos consider it as USB device. In ECS device policy I didn’’’’t see any option for “ portable device”.

Any suggestion how I could block these device?

:19469


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I assume that these devices are of class WPD (http://msdn.microsoft.com/en-us/windows/hardware/gg463541 )?  To check, if you're in "Device Manager", they probably appear under the section: "Portable Devices" and if you find the device in the list, go to the "Properties", then "Details" tab, you can see the "Device Class" , I assume this is WPD?

    That being the case, typically you can't just drag files onto these devices using Explorer, you get errors such as "Cannot copy [filename] - The file is not supported on this device.....", So to move anything to the device ou may need some third party application but to be sure, there is a GPO setting you could try rolling out; you will find it under:

    \Computer Configuration\Administrative Templates\System\Removable Storage Access\

    WPD Devices: Deny read access

    WPD Devices: Deny write access

    Also of note are the Application Control categories under the category: "Mobile Synchronization"

    I hope that helps.

    Regards,

    Jak

    :19473
Reply
  • 0

    Hi,

    I assume that these devices are of class WPD (http://msdn.microsoft.com/en-us/windows/hardware/gg463541 )?  To check, if you're in "Device Manager", they probably appear under the section: "Portable Devices" and if you find the device in the list, go to the "Properties", then "Details" tab, you can see the "Device Class" , I assume this is WPD?

    That being the case, typically you can't just drag files onto these devices using Explorer, you get errors such as "Cannot copy [filename] - The file is not supported on this device.....", So to move anything to the device ou may need some third party application but to be sure, there is a GPO setting you could try rolling out; you will find it under:

    \Computer Configuration\Administrative Templates\System\Removable Storage Access\

    WPD Devices: Deny read access

    WPD Devices: Deny write access

    Also of note are the Application Control categories under the category: "Mobile Synchronization"

    I hope that helps.

    Regards,

    Jak

    :19473
Children
No Data