In a Hybrid SEPM - SES cloud environment, device control policies are not blocking or allowing devices as expected.

Article ID: 253587

Updated On:

Products

Endpoint Security, Endpoint Security Complete

Issue/Introduction

Using an imported device control policy, you may find devices in your allow list are not being allowed, or devices that are set to block are not being blocked as expected. 

Environment

SES hybrid. Imported device control policy from an on-premises SEPM.

Cause

SEPM policies are ordered and processed differently than SES cloud policies.
In SES cloud, ordering is important. A block policy placed above the allow policy is processed before the allow policy, and vice versa.
Imported policies are not re-ordered automatically. If a block rule is added before an allow rule of the same type, it can conflict with expected behavior.
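
The ordering conflict described above can be checked mechanically. The following is an added example, not Broadcom code: it walks a rule list in policy order and reports every allow rule that has a block rule of the same type above it. The field names and the sample rules are constructed for illustration and are not an SES export format.

```python
from collections import defaultdict

# Constructed sample: rules in the order the imported policy lists them.
# Field names ("name", "action", "device_type") are assumptions made for
# this example, not an SES or SEPM export format.
SAMPLE_RULES = [
    {"name": "Block USB storage", "action": "block", "device_type": "USB"},
    {"name": "Allow corp USB keys", "action": "allow", "device_type": "usb"},
    {"name": "Allow smart card readers", "action": "allow", "device_type": "SmartCard"},
    {"name": "Block Bluetooth", "action": "block", "device_type": "Bluetooth"},
    {"name": "Block smart card readers", "action": "block", "device_type": "SmartCard"},
]


def find_order_conflicts(rules):
    """Return (block_pos, block_name, allow_pos, allow_name) for every allow
    rule that has a block rule of the same device type above it."""
    blocks_seen = defaultdict(list)  # device type -> [(position, name), ...]
    conflicts = []
    for pos, rule in enumerate(rules, start=1):
        # Normalise so "USB" and "usb" count as the same type.
        dtype = rule["device_type"].strip().lower()
        action = rule["action"].strip().lower()
        if action == "block":
            blocks_seen[dtype].append((pos, rule["name"]))
        elif action == "allow":
            for bpos, bname in blocks_seen[dtype]:
                conflicts.append((bpos, bname, pos, rule["name"]))
        else:
            raise ValueError(f"rule {pos}: unknown action {rule['action']!r}")
    return conflicts


if __name__ == "__main__":
    for bpos, bname, apos, aname in find_order_conflicts(SAMPLE_RULES):
        print(f"#{bpos} {bname!r} is above #{apos} {aname!r} (same device type)")
```

Only the block-above-allow case that this article describes is reported; a block rule listed below an allow rule of the same type is not flagged.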

Resolution

This is a known issue and Broadcom is working to resolve it.

Workaround:

Delete and re-add all of your block rules. This automatically reorders them to the optimal ordering. This should resolve the issue, and device blocking should work as expected.