Symantec Data Loss Prevention (DLP) Endpoint Prevent detects and prevents sensitive data from leaving from your desktop or your laptop endpoint computers.
For example, we can create a policy to prevent the keyword 'test' to be leaked out. Then, on the enpoint computer, if a user copy a file that contains the word 'test' to a USB disk, this copy action will be blocked by DLP Agent:
On the other hand, maybe you want to allow some special USB disks to be used on your corporation. For example, you bought a set of encrypted USB disk. You want these USB disks to be a 'White List' because all the files that copied into these disks will be encrypted automatically.
Below is a sample to create this kind of 'White List' of USB disk for DLP Agent.
We assume that there is already a policy to detect the keyword 'test'.
1. There is a tool named 'DeviceID.exe' on the 'SymantecDLPWinAgentTools_11.1.0.zip'. Copy this tool to the desktop that the USB disk connected to, then run the tool from the command line. It will generate the regex of the USB disk:
2. Login to the DLP Enforce, navigate to 'System' --> 'Agents' --> 'Endpoint Devices', click 'Add Device':
3. In the 'Device Definition (Regex)' field, input the regex that generated by the DeviceID.exe in step1:
4. Choose to edit the policy that detect the keyword 'test', click 'Add Exception':
5. From the Exception Type list, choose 'Endpoint Device Class or ID':
6. In the 'Endpoint Device Class or ID' of the 'Conditions', choose the device created on step3:
7. Save and apply this policy.
Then, this USB Disk will be a white list on your corporation. A file that contains the word 'test' be copied to this USB disk will not be blocked again.