Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

Device Control - USB Devices

Is it possible to be able to restrict access to USB's my a unique ID - such as serial number?? Currently you can restrict my model but that doesn't stop an employee bringing in their own USB stick if it is the same make and model we us??

Basically we want to be able to issue USB sticks out to staff and only allow those precise devices to connect. Not any device that happens to be the same model.

36 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • sso
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Andreas commented  ·   ·  Flag as inappropriate

        @David: Thanks for your post. But we dont use Sophos Central. We´re using the Enterprise Console.

        I have seen that the stick appear in the device manager as a USB device and also as a drive. There should be the possibility to include both in the policy, because the InstancePath is different.

      • David Emms commented  ·   ·  Flag as inappropriate

        Sophos Central -> Endpoint Protection -> Policies -> Peripheral Control -> Base Policy -> Settings

        If you change this to 'Control access by peripheral type and exemptions'

        Then, change 'Removable storage - XX detected to 'Block'

        Then, click 'Peripheral Exemptions' -> 'Add Exemptions'

        Change the drop down box to 'Removable storage'

        Tick the device, change Policy to 'Block' and Enforce By to 'Id'

        Does this meet your requirements?

      • Andreas commented  ·   ·  Flag as inappropriate

        restrict / allow acces to USB Devices with VendorID & PID would be very helpful (Device Instance Path or Device ID from USB Device)

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.