When you create a DLP Endpoint Device Rule that is set to block or read-only, access to all USB drives is restricted. This restriction also applies to devices encrypted with FRP. To allow only USB devices that are encrypted with FRP, perform the steps in this article.
To create a definition for FRP Encrypted Drives:
- Log on to the ePO console.
- Navigate to Menu, Data Protection, and DLP Policy Manager.
- Click the Definitions tab.
- Expand Device Control and click Device Templates.
- Click Actions, New, Removable Storage Device Template.
- Type a descriptive name for the Removable Storage Device Template.
- Select Bus Type under the Available Properties.
- Make sure that the Comparison is set to Equals.
- Select USB in the Value drop-down list.
- Select Content Encrypted in the Available Properties. This step adds the McAfee Endpoint Encryption value to the definition.
- Click Save.
To add the definition as an exception to your Removable Storage Device Rule:
- Open your Removable Storage Device Rule.
- Click the Exceptions tab.
- Select Excluded Device Templates from the left column.
- Change the State to Enabled.
- Find Removable Storage and click the ellipsis (...) button to the right.
- Select the Device Template you created.
- Click OK and Save.
- Apply the changes to the appropriate policies.
All USB drives encrypted with FRP are now excluded from the rule. All other USB drives are restricted according to the Prevent Action setting of the Removable Storage Device Rule.