
Create White List of USB Disk for DLP Agent

Created: 14 Jan 2012 • Updated: 16 Jan 2012

Symantec Data Loss Prevention (DLP) Endpoint Prevent detects sensitive data and prevents it from leaving your desktop and laptop endpoint computers.

For example, we can create a policy that prevents the keyword 'test' from being leaked. Then, on the endpoint computer, if a user copies a file that contains the word 'test' to a USB disk, the DLP Agent blocks the copy.

On the other hand, you may want to allow certain USB disks to be used in your corporation. For example, you bought a set of encrypted USB disks and want them on a 'White List', because all files copied to these disks are encrypted automatically.

Below is a sample procedure for creating this kind of USB disk 'White List' for the DLP Agent.

We assume that there is already a policy to detect the keyword 'test'.

1. The 'SymantecDLPWinAgentTools_11.1.0.zip' archive contains a tool named 'DeviceID.exe'. Copy this tool to the desktop computer that the USB disk is connected to, then run it from the command line. It generates the regex for the USB disk.

2. Log in to DLP Enforce, navigate to 'System' --> 'Agents' --> 'Endpoint Devices', and click 'Add Device'.

3. In the 'Device Definition (Regex)' field, enter the regex that DeviceID.exe generated in step 1.

4. Edit the policy that detects the keyword 'test' and click 'Add Exception'.

5. From the Exception Type list, choose 'Endpoint Device Class or ID'.

6. Under 'Conditions', in 'Endpoint Device Class or ID', choose the device created in step 3.

7. Save and apply this policy.

This USB disk is now on the white list for your corporation. A file that contains the word 'test' will no longer be blocked when it is copied to this USB disk.
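Because the exception switches the policy off for every device the regex matches, it is worth checking the scope of a pattern before pasting it into the 'Device Definition (Regex)' field. The script below is an added example, not part of the original article or of Symantec's tools. The device IDs and patterns are constructed in the Windows USBSTOR instance-ID style rather than taken from DeviceID.exe output, and Python's re module stands in for the agent's regex engine, which the article does not describe.

```python
import re

# Constructed device instance IDs in the Windows USBSTOR style (not from the article).
APPROVED = [  # the purchased encrypted drives that should be exempted
    r"USBSTOR\DISK&VEN_ACME&PROD_SECUREKEY&REV_1.00\AA11BB22CC33&0",
    r"USBSTOR\DISK&VEN_ACME&PROD_SECUREKEY&REV_1.00\DD44EE55FF66&0",
]
OTHER = [  # drives that must stay subject to the policy
    r"USBSTOR\DISK&VEN_ACME&PROD_BASICKEY&REV_2.10\0A1B2C3D4E5F&0",
    r"USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\0123456789AB&0",
]

# Hypothetical candidate patterns, from narrowest to broadest.
PER_DEVICE = r"USBSTOR\\DISK&VEN_ACME&PROD_SECUREKEY&REV_1\.00\\AA11BB22CC33&0"
PER_MODEL = r"USBSTOR\\DISK&VEN_ACME&PROD_SECUREKEY&REV_1\.00\\.*"
PER_VENDOR = r"USBSTOR\\DISK&VEN_ACME&.*"
TOO_BROAD = r"USBSTOR\\DISK.*"


def audit_device_regex(pattern, approved, other):
    """Return (missed, leaked).

    missed: approved device IDs the pattern fails to match (still blocked).
    leaked: non-approved device IDs the pattern matches (wrongly exempted).
    """
    rx = re.compile(pattern, re.IGNORECASE)  # assumption: case-insensitive match
    missed = [d for d in approved if not rx.search(d)]
    leaked = [d for d in other if rx.search(d)]
    return missed, leaked


if __name__ == "__main__":
    candidates = {
        "per-device": PER_DEVICE,
        "per-model": PER_MODEL,
        "per-vendor": PER_VENDOR,
        "too-broad": TOO_BROAD,
    }
    for name, pattern in candidates.items():
        missed, leaked = audit_device_regex(pattern, APPROVED, OTHER)
        verdict = "OK" if not missed and not leaked else "REVIEW"
        print(f"{name:10} {verdict:6} missed={len(missed)} leaked={len(leaked)}")
```

With this sample inventory only the per-model pattern covers the whole approved set without exempting any other drive. The per-device pattern leaves the second approved drive blocked, and the two broader patterns exempt drives that are not encrypted.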