Whitelisting removable drives from DLP agent monitoring
search cancel

Whitelisting removable drives from DLP agent monitoring

book

Article ID: 235421

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

You would like to allow sensitive data to be copied to removable drives like encrypted disks or for some specific users.

Environment

DLP agent 15.x

Resolution

1. There is a tool called 'DeviceID.exe' inside the Tools folders in the 'Symantec_DLP_15.x_Agent_Win-IN.zip'. Copy this tool to the system where the removable drive is connected. Then run the tool from the command line. It will generate the regex of the removable drive for example, SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\5&1EC51BF7&0&000000

2. Login to the DLP Enforce console, navigate to 'System' --> 'Agents' --> 'Endpoint Devices', click 'Add Device'.

3. In the 'Device Definition (Regex)' field, input the regex that was generated by the DeviceID.exe tool in step1.

4. Save the device.

5. Edit any policy for which you would like to put this device in exception. Click 'Add Exception'.

6. From the Exception Type list, choose 'Endpoint Device Class or ID'.

7. Give Exception name and select the device created in step 3.

8. Save the policy.

Now, this device is whitelisted for this policy and violations for this policy will not be detected for this device.