Internal SCSI drive is detected as an external USB drive.
search cancel

Internal SCSI drive is detected as an external USB drive.


Article ID: 184660


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention


An internal SCSI drive is detected as an external USB drive in Data Loss Prevention.
You want to prevent incidents from being created for data transfers to this internal SCSI drive.


DLP 15.x, 16.x


Whether or not a device is considered removable is determined by your system’s BIOS and DLP is just getting the information as provided by system. So, DLP is not responsible when it detects on any internal drive as removable drive.


A way to stop incidents from being generated against an internal SCSI drive (as if it were an external USB), is to use the DeviceID.exe included with the agent tools to scan the SCSI deviceid and add it to the device whitelist.

1. The 'DeviceID.exe' is inside the Tools folders in the ''. Copy this tool to the system where the removable drive is connected. Then run the tool from the command line. It will generate the regex of the removable drive, for example, SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\5&1EC51BF7&0&000000

2. Login to the DLP Enforce console, navigate to 'System' --> 'Agents' --> 'Endpoint Devices', click 'Add Device'.

3. In the 'Device Definition (Regex)' field, input the regex that was generated by the DeviceID.exe tool in step1.

4. Save the device.

5. Edit any policy for which you would like to put this device in exception. Click 'Add Exception'.

6. From the Exception Type list, choose 'Endpoint Device Class or ID'.

7. Give the Exception a name and select the device created in step 3.

8. Save the policy.

Now, this device is whitelisted for this policy, and violations of this policy will not be detected on this device.

Additional Information

Refer below MS tech article to fix such issues from BIOS updates or from registry changes -