Configuring Device Control by Endpoint

Click Data Protection → Device Control → Endpoints tab.

The Device Control Endpoints tab appears with a list of endpoints.

Click the endpoint that you want to configure device control for. You can search for endpoints by clicking Filter on the toolbar.

The Device Control Configuration screen appears.

Select the devices to restrict access to.

If you enable device control on Removable disk drives, and a user plugs a USB device into a machine with an endpoint agent, DLP takes the following actions:

Disables the USB device.
Displays an alert for the user.
Logs the event to the management server.

You can view event details by selecting Log → Query → System Event.

Click the down arrow next to Removable disk drives to define exceptions for USB devices. You can enter vendor, model number, and serial number for one or more USB devices.

Note

Trend Micro provides a tool for checking the vendor, model, and serial number of USB devices. Click the Removable disk drives down arrow and download the Auto-detect Assistance tool.

Specify Network Device Control:

Select the Enable Network Device Control to prevent machines without the DLP agent from copying network shared files.
Clear Enable Network Device Control to allow machines without the DLP agent to copy network shared files.
Click Add to create a list of approved IP addresses.

Click Save.

DLP saves and implements your device control settings.

Note

DLP retains the agent’s device control settings even if the agent is disconnected from the network and deleted from the agent management screen. When the agent is back online and registered again with the server, the device control settings are recovered.

$('#title').html($('meta[name=description]').attr('content'));