How to block a Seagate hard disk drive
Technical Articles ID: KB90900
Last Modified: 12/22/2021
Problem
With Removable Storage and Fixed Hard Drive rules configured and enabled, you can still access a connected Seagate HDD.
Cause
Windows Device Manager is not generating unique identifier information, either a VID/PID or serial number, for the HDD.
Solution
Depending on how the HDD is detected in Windows Device Manager, either of the approaches below works. The changes made are user-based or DLP client bypass, because Windows Device Manager has not generated a unique VID/PID or serial number to exclude. For a permanent fix, contact Microsoft so that the Seagate HDD is detected under Universal Serial Bus Controller or a VID/PID is generated in Device Manager.
To block the Seagate HDD by Device Name:
- Log on to the ePO console.
- Click Menu, Data Protection, DLP Policy Manager.
- In Definitions, do the following:
  - Click Device Control, Device Template.
  - Click Actions, New Item, Fixed Hard Drive Template.
  - Name the template, for example Seagate Device Name, and add the Device-Friendly Name.
  - In Comparison, select Contains from the drop-down list.
  - In Value, enter the keyword Seagate.
  - Click Save.
- In the selected Rule Set, do the following:
  - Select Device Control.
  - Click Actions, New Rule, Fixed Hard Drive Rule.
  - Name the rule Block Seagate with Device Name Rule.
  - Change State to Enabled.
  - Select the appropriate users to assign the rule to.
  - In Fixed Hard Drive, select the Seagate Device Name.
  - Click the Reaction tab, and select Block in the Prevent Action drop-down list.
  - Configure User Notification and Report Incident as appropriate.
  - Under the Computer disconnected from the corporate network section, leave the Prevent Action set to React the same way as connected system.
  - Click Save.
- If a new Rule Set was created, select Activate the Rule Set in DLP Policy in the Policy Catalog.
- If no new Rule Set was created, navigate to the Policy Assignment tab in the DLP Policy Manager and apply the appropriate policy.
To block the Seagate HDD by Volume Serial Number:
- Log on to the ePO console.
- Click Menu, Data Protection, DLP Policy Manager.
- In Definitions, do the following:
  - Click Device Control, Device Template.
  - Click Actions, New Item, Fixed Hard Drive Template.
  - Name the template, for example Seagate Volume Serial Number, and add the Volume Serial Number.
  - In Comparison, select Equals from the drop-down list.
  - In Value, enter the Volume Serial Number obtained from the Incident Manager or the hdlpDiag tool.
  - Click Save.
- In the selected Rule Set, do the following:
  - Select Device Control.
  - Click Actions, New Rule, Fixed Hard Drive Rule.
  - Name the rule Block Seagate with Device Volume Serial Number.
  - Change the State to Enabled.
  - Select the appropriate users to assign the rule to.
  - In Fixed Hard Drive, select the Seagate Volume Serial Number.
  - Click the Reaction tab, and select Block in the Prevent Action drop-down list.
  - Configure User Notification and Report Incident as appropriate.
  - Under the Computer disconnected from the corporate network section, leave the Prevent Action set to React the same way as connected system.
  - Click Save.
- If a new Rule Set was created, select Activate the Rule Set in DLP Policy in the Policy Catalog.
- If no new Rule Set was created, navigate to the Policy Assignment tab in the DLP Policy Manager and apply the appropriate policy.
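
Before choosing between the two templates, it helps to see what Windows actually exposes for the drive. The following PowerShell is an added example, not part of the original article or the DLP product: it lists each disk's friendly name, whether a USB VID/PID exists anywhere above it in the device tree, and its volume serial numbers. It assumes the PnP friendly name is what the Device-Friendly Name property compares against; `$Keyword` and the helper function name are illustrative.

```powershell
# Added example: inventory the identifiers a Fixed Hard Drive template can match on.
# Run on the endpoint with the drive connected (Windows 10 / Server 2016 or later).
$Keyword = 'Seagate'   # same keyword used with the "Contains" comparison

# Hypothetical helper: return the parent device instance ID, or $null at the root.
function Get-ParentInstanceId {
    param([string]$InstanceId)
    (Get-PnpDeviceProperty -InstanceId $InstanceId -KeyName 'DEVPKEY_Device_Parent' `
        -ErrorAction SilentlyContinue).Data
}

$report = foreach ($disk in Get-CimInstance -ClassName Win32_DiskDrive) {
    # Walk up the device tree looking for a USB\VID_xxxx&PID_xxxx ancestor.
    $id = $disk.PNPDeviceID
    $vidPid = $null
    for ($i = 0; $i -lt 5 -and $id; $i++) {
        if ($id -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
            $vidPid = "$($Matches[1]):$($Matches[2])"
            break
        }
        $id = Get-ParentInstanceId -InstanceId $id
    }

    # Disk -> partitions -> logical disks, to collect volume serial numbers.
    $volumes = Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition |
        Get-CimAssociatedInstance -ResultClassName Win32_LogicalDisk

    $friendly = (Get-PnpDevice -InstanceId $disk.PNPDeviceID -ErrorAction SilentlyContinue).FriendlyName

    [pscustomobject]@{
        FriendlyName  = $friendly
        Interface     = $disk.InterfaceType
        VidPid        = if ($vidPid) { $vidPid } else { 'none found' }
        DiskSerial    = "$($disk.SerialNumber)".Trim()
        VolumeSerials = ($volumes | ForEach-Object { "$($_.DeviceID) $($_.VolumeSerialNumber)" }) -join '; '
        NameContains  = [bool]($friendly -like "*$Keyword*")
    }
}

# Drives with VidPid 'none found' are the case this article covers.
$report | Format-List
```

Compare the volume serial reported here with the value shown in the Incident Manager or hdlpDiag before entering it in the template. A volume serial number is assigned when the volume is formatted, so update the template if the drive is reformatted.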