This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device control issues

Hi We've recently implemented device control to stop people writing to DVD's and memory sticks. Device control in itself works fine, though we have to add a few exceptions here and there.

The problem is that alot of out DVD drives seem to be missing a 'device id' which means I could only allow the model accross the board rather than specific devices.

My question is has anyone seen this before? It a sophos issue or a problem with our DVD drives? I'm going to presume that its a problem with the DVD/Firmware though thought Id ask here to see if anyone has the same issue?

Thanks

Anth

This thread was automatically locked due to age.

Parents

0 QC over 13 years ago
Hello A_K and Sandy,
IMO the article is not as enlightening as it should be, in fact it rather adds to the confusion caused by the usage of the term Device ID both in SEC and this article.
To quote:
The two terms that first need defining in order to explain what is possible with a device are:
Device Instance ID - individual identifier for a specific device.
Device ID - generic identifier for a group of devices.
When a device has a device instance ID then Sophos Device Control can exempt that individual device
Clearly the meaning of Device ID in the context of Device Control is not the one given in the definition. Furthermore it's not clear where one can find the Device Instance ID which allegedly is sufficient for DC to exempt that individual device. On XP you can find a property with this name in the device manager details tab, on newer OS versions it is called Device Instance Path. So the last sentence above is unclear and also incorrect.
The second half of the article is more or less correct (except that Check if a device has a device instance ID should read Check if a device can return (or display) a unique ID ) although some rewording of
The list will be populated with reported devices. Those devices with unique identities will show a value in the 'Device ID' column.
When a device does not have a unique ID, then no ID is returned and the 'Device ID' column in the console is blank. You can then set an exemption but it will cover all devices of this type and not an individual device.
would do no harm.
Christian
:24371
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 13 years ago
Hello A_K and Sandy,
IMO the article is not as enlightening as it should be, in fact it rather adds to the confusion caused by the usage of the term Device ID both in SEC and this article.
To quote:
The two terms that first need defining in order to explain what is possible with a device are:
Device Instance ID - individual identifier for a specific device.
Device ID - generic identifier for a group of devices.
When a device has a device instance ID then Sophos Device Control can exempt that individual device
Clearly the meaning of Device ID in the context of Device Control is not the one given in the definition. Furthermore it's not clear where one can find the Device Instance ID which allegedly is sufficient for DC to exempt that individual device. On XP you can find a property with this name in the device manager details tab, on newer OS versions it is called Device Instance Path. So the last sentence above is unclear and also incorrect.
The second half of the article is more or less correct (except that Check if a device has a device instance ID should read Check if a device can return (or display) a unique ID ) although some rewording of
The list will be populated with reported devices. Those devices with unique identities will show a value in the 'Device ID' column.
When a device does not have a unique ID, then no ID is returned and the 'Device ID' column in the console is blank. You can then set an exemption but it will cover all devices of this type and not an individual device.
would do no harm.
Christian
:24371
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data