Block Reads, Writes and Executions on Unapproved USB Devices

Article ID: 286427

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to use Device Management to prevent reads, writes or executions on USB devices
 

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

Enable Device Control:

This will block writes and executes from any Unapproved USB Device.

  1. Log in to the Console and navigate to Rules > Policies > relevant Policy > Device Control
  2. Enable one or more of the desired Settings by toggling the Status.
    • Off: Permits listed operations to unapproved removable devices, does not report the Event.
    • Report Only: Permits listed operations to unapproved removable devices, reports the Event.
    • Active: Tracks listed operations to unapproved removable devices and blocks them in Control mode.
  3. Add or Edit the Notifiers accordingly.
  4. Save and Exit.

 

Block Reads on Unapproved USB Devices: (Custom Rule)

  1. Verify that Advanced Rule Options is enabled:
    1. Log in to the Console and navigate to https://ServerAddress/support.php > Advanced Configuration.
    2. Software Rules > Advanced Rule Options > check: Showing advanced rule options > Update.
  2. Navigate to Rules > Software Rules > Custom > Add Custom Rule.
  3. Use the following details:
    • Status: Disabled
    • Rule Type: Expert
    • Operations: Open, Open Execute Intent, Read, Mmap Read
    • Actions: Block, Stop Rule Processing
    • Path or File: Any
    • Process: Any
    • User or Group: Any (Can be a specific user if desired)
    • Policies: Selected policies > relevant Test Policy (Recommended to test first)
    ***DO NOT enable the rule yet, or all reads in the environment will be blocked***
  4. Save & Exit the Disabled Custom Rule.
  5. Edit the Custom Rule.
  6. Scroll down to the "Advanced" section of the Custom Rule. This only appears after the feature is enabled and the Custom Rule is saved.
  7. Change File Device Type to: Unapproved Removable.
  8. Enable & Save the Custom Rule.

Additional Information

  • More information on Device Control can be found in the User Guide chapter, Managing Devices.
  • Device Control is not available for Policies in Disabled Mode; Control or Visibility must be selected.
  • Files on Unapproved Devices
    • Can still be seen, but not opened.
    • Copied to the local drive.
  • Creating an additional rule just above this one in the rule stack with a Read Allow permission will allow tuning this for specific environmental needs.