Device Control Policy - Digital Cameras and Cell Phones

Hi All,

I came across a similar ish issue recently though I did get device control events being reported to the console.

Hopefully my experience and the resolution will help those who come across this post as I did.

Our policy is to block removable storage devices from all desktop PCs. However due to pressure from above we were to allow access to digital cameras.

I set up a device control policy to block access to all storage devices and tested. USB sticks and the like were all blocked and generated a event in the device control log. I tested with two different digital cameras, these were not blocked and did not generate an event. So as this device class did not appear to be monitored by Sophos and allowed access this suited our purpose.

Having rolled out Sophos I then came across two users who couldnt access their digital cameras. On plugging them in an event was generate and they were blocked. On investigation it turns out that some ( in our case older) cameras are classed as "removable storage" and so Sophos righlty blocks them as per the policy. Some (in our case newer) cameras are picked up as "portable devices", these are not monitored by Sophos and so allows access.

In our case we excempted the older camera to allow access and all is well.

As a side note, we previously blocked all devices through the Windows policy @ Computer Config - Admin Templates - System - Removable Storage Access - "All removable Storage classes - Deny All access". On our test machine when this policy was disabled with the device plugged in and Sophos installed it got itself locked somehow. Even removing all active policies it still showed the device as "blocked" (as happens when the policy is in effect). I had to re-install Sophos to remove this, almost as if it locked/conflicted on some level. Likely as the device was still plugged in during the changes.

Regards,

Dave

Hi All,

I came across a similar ish issue recently though I did get device control events being reported to the console.

Hopefully my experience and the resolution will help those who come across this post as I did.

Our policy is to block removable storage devices from all desktop PCs. However due to pressure from above we were to allow access to digital cameras.

I set up a device control policy to block access to all storage devices and tested. USB sticks and the like were all blocked and generated a event in the device control log. I tested with two different digital cameras, these were not blocked and did not generate an event. So as this device class did not appear to be monitored by Sophos and allowed access this suited our purpose.

Having rolled out Sophos I then came across two users who couldnt access their digital cameras. On plugging them in an event was generate and they were blocked. On investigation it turns out that some ( in our case older) cameras are classed as "removable storage" and so Sophos righlty blocks them as per the policy. Some (in our case newer) cameras are picked up as "portable devices", these are not monitored by Sophos and so allows access.

In our case we excempted the older camera to allow access and all is well.

As a side note, we previously blocked all devices through the Windows policy @ Computer Config - Admin Templates - System - Removable Storage Access - "All removable Storage classes - Deny All access". On our test machine when this policy was disabled with the device plugged in and Sophos installed it got itself locked somehow. Even removing all active policies it still showed the device as "blocked" (as happens when the policy is in effect). I had to re-install Sophos to remove this, almost as if it locked/conflicted on some level. Likely as the device was still plugged in during the changes.

Regards,

Dave