Endpoint Protection

This document is generic irrespective of vendors.

These days the data cards comes up with a slot to host Micro SD cards used to store data. As a security measure some of the security admins would like to block storage, Device control policy can be configured to block it, below is the solution to the requirement.

Below is the screen shot of the device manager before connecting the device.

Below is the screen shot of the device manager after connecting the device.

These screen shot is specific to one device and can vary based on the data card.

• Collect the device id from the device manager for vendors modem, com ports, DVD/CD-ROM and past is in notepad.
• Under Policies Tab -- > Policy Components -- > Hardware Devices  Add all the hardware which would later be used while configuring the Device control policy.

Configuration of device control policy.

• Under Policies Tab -- > Application and Device control policy.
• Add new policy for testing.
• Edit the policy and under device control
• Add standard USB under block section.
• Add human interface devices to the exclusion
• Add Modems, com ports, DVD/CD-ROM hardware devices under exclusion list.
• Check the block which says Log Blocked Devices to log blocked devices.
• Assign this policy to the test group which contain a machine for testing.
• Connect the device and try to connect to the Internet and make sure if it works or not.

Important Note: The above document might vary depending on the vendors and the design of the data card. Before applying this policy to product a thorough testing is needed.