Video Screencast Help

block the usb

Created: 27 Dec 2013 • Updated: 11 Jun 2014 | 4 comments
This issue has been solved. See solution.

What is the step to create a policy to block the usb from DLP and how it can generate the incidents?

Discussion Filed Under:

Comments 4 CommentsJump to latest comment

ᗺrian's picture

I believe you can use SEP for this, not DLP

How to block USB Devices, Excluding the Mouse and Keyboard, in the SEP Manager

You want to block USB Storage Devices using an Application policy

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rs_cert's picture

Yes i have already blocked with SEPM but i have heard from one of my engineer that we can able to create a policy which can block the usb and when anyone can tried to connect the usb, it's create the incident report.

pete_4u2002's picture

for incident to be created the policy needs to be violated and DLP will monitor the content.

Lion Shaikh's picture


Configuring the Endpoint Prevent: Block action
The Endpoint Prevent: Block response rule action blocks the movement of confidential data on the endpoint computer and optionally displays an on-screen notification to the endpoint user.

This response rule action is specific to Endpoint Prevent incidents. This response rule is not applicable to two-tiered detection methods requiring a Data Profile.

If you combine multiple endpoint response rules in a single policy, make sure that you understand the order of precedence for such rules.


 The block action is not triggered for a copy of sensitive data to a local drive.

To configure the Endpoint Prevent: Block response rule action

1] Configure a response rule at the Configure Response Rule screen.

You configure response rules at the Manage > Policies > Response Rules > Configure Response Rule screen.

2] Add the Endpoint Prevent: Block action type from the Actions list.

You must configure at least one action for the response rule to be valid. You can configure multiple response rule actions. Each action is evaluated independently.

To define a response rule action

Configure a response rule at the Configure Response Rule screen.

Choose an action type from the Actions list and click Add Action.
For example, add the All: Add Note action to the response rule. This action lets the remediator annotate the incident.

Configure the action type by specifying the expected parameters for the chosen action type.

Repeat these steps for each action you want to add.