Configuring Device Control by Group

Note

If Endpoint A has a device control policy and is a member of Group B which has another device control policy, Endpoint A merges the device control policy set of A and B.

Navigate to Data Protection → Device Control → Groups.

The Device Control Groups tab appears with a list of groups that you set up on the Administration → Agent Management → Agents → Groups tab. For more information, see Managing Agent Groups.
Click the group name that you want to configure device control for.

The Device Control Configuration screen appears.

Select the devices for which to restrict access.

If you enable device control on Removable disk drives, and a user plugs a USB device into a machine with the DLP agent, DLP takes the following actions:

Disables the USB device.
Displays an alert for the user.
Logs the event to the DLP server.

You can view event details at Logs → Query → Log Type: System Events.

You can also click the down arrow next to Removable disk drives to define exceptions for removable disk devices. The exception list includes three fields for each removable disk drive: vendor, model number, and serial number. If you leave any one or two fields empty, DLP matches all of the empty fields.

Note

Trend Micro provides a tool for checking the vendor, model, and serial number of USB devices. Click the Removable disk drives down arrow and download the Auto-detect Assistance tool.

Select Enable Network Device Control.
- Select Enable Network Device Control to prevent machines without the DLP agent from copying network shared files.
- Clear Enable Network Device Control to allow machines without the DLP agent to copy network shared files.
- Click Add to create a list of approved IP addresses.
Click Save.

$('#title').html($('meta[name=description]').attr('content'));