You want to use DLP Endpoint to block all USB printer devices, but leave other plug-and-play devices such as keyboards and mice unaffected. To do this, perform the following steps:
IMPORTANT: Take a backup of your policies before you make any changes. To back up the DLP policy, do the following:
- Log on to the ePO server.
- Select Menu, DLP Settings, Backup and Restore.
- Click Backup to file and save the backup file Dlpconfig.backup.
Create a new Plug-and-Play device definition:
- Log on to the ePO server and select Menu, Data Protection, DLP Policy Manager, Definitions.
- In the left pane, click Device Control, Device Definitions.
- Click Actions, New. Then, select Plug and play device definition.
- Enter a unique Name and optional Description. For example: USB Printer device definition.
- In the left pane, select Bus Type by clicking > under Available Properties.
- Browse and select the USB bus type from the drop-down list.
- Repeat step 5 to add the USB Class Code, then browse and select the 07 - Printer USB Class Code from the drop-down list.
- Click Save.
Create a Plug-and-Play device rule and add the new USB Printer device definition:
- In the ePO console, select Menu, Data Protection, DLP Policy Manager, Rule Sets.
- Click Actions and click New Rule Set or edit an existing rule set.
- To open the rule set for editing, click the rule set name.
- Click the Device Control tab.
- Click Actions, New Rule, Plug-and-Play Device Rule.
- Enter a unique Rule Name. For example: Block USB Printer.
Optional: Change the Status and select a Severity.
- On the Condition pane, add the End-User and select the Plug-and-Play USB Printer device definition.
NOTE: Device definitions can define devices that are included (is one of) or excluded (is none of). You must include at least one definition.
- On the Reaction pane, set the Prevent Action to Block.
Optional:
- Add a User Notification and Report Incident. If the Report Incident is not selected, the incidents are not recorded in the DLP Incident Manager.
- Select a different Prevent Action when the user is working outside the corporate network or is connected by VPN.
- Click Save and close the DLP rule set page.
- Click Apply policy.
When this rule is applied, USB printer devices are blocked on client systems.
NOTE: You can add plug-and-play devices to the managed computer without configuration or manual installation of DLLs and drivers. Use Plug-and-Play device rules to prevent endpoint systems from loading these devices.
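Before applying the rule, it helps to know which devices on a test endpoint report the USB bus type and class code 07 that the definition above selects. The PowerShell below is an added example, not part of the original article or of the DLP product. It assumes a Windows endpoint with the built-in PnpDevice module and relies on the compatible IDs Windows generates for USB devices (`USB\Class_cc&SubClass_ss&Prot_pp`); the function name and sample IDs are constructed for illustration.

```powershell
# Added example: inventory devices that report USB class code 07 (Printer).
# Test-UsbPrinterClass is a hypothetical helper name, not a DLP or Windows cmdlet.
function Test-UsbPrinterClass {
    param([string[]]$CompatibleId)
    # Windows lists compatible IDs from most to least specific, e.g.
    #   USB\Class_07&SubClass_01&Prot_02, USB\Class_07&SubClass_01, USB\Class_07
    # Anchor the match so Class_07 is the class field and not a substring.
    foreach ($id in $CompatibleId) {
        if ($id -match '^USB\\Class_07(&|$)') { return $true }
    }
    return $false
}

# Constructed sample IDs showing what the filter accepts and rejects.
$samples = [ordered]@{
    'printer'  = @('USB\Class_07&SubClass_01&Prot_02', 'USB\Class_07&SubClass_01', 'USB\Class_07')
    'keyboard' = @('USB\Class_03&SubClass_01&Prot_01', 'USB\Class_03&SubClass_01', 'USB\Class_03')
    'storage'  = @('USB\Class_08&SubClass_06&Prot_50', 'USB\Class_08&SubClass_06', 'USB\Class_08')
}
foreach ($name in $samples.Keys) {
    '{0,-9} reports class 07: {1}' -f $name, (Test-UsbPrinterClass $samples[$name])
}

# Live inventory of devices currently present on this endpoint.
# A multi-function printer enumerates as a composite parent (USB\COMPOSITE)
# whose child interface carries the Class_07 compatible ID, so the child
# node is the one listed here.
Get-PnpDevice -PresentOnly |
    Where-Object { Test-UsbPrinterClass $_.CompatibleID } |
    Select-Object Status, Class, FriendlyName, InstanceId |
    Format-Table -AutoSize
```

Running it once before and once after the policy is applied shows whether the listed printer devices are still being loaded on the endpoint.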