Device Control Whitelist

[Christian Stück 4]

Hi Forum,

i‘m trying to build a modular device control whitelist:

allow stick 123 for user abc

allow devices from vendor xyz in group hij

block all other

I was trying to append the „block all“ last rule by policy order, but its really hard to keep the rule last - when i add another rule in a child group this ist added later (of course).

is there any way to default-block (or default-warn) everything not explictily allowed? One idea would be, to throw all usb-rules in one policy, but that would get quite long.

Thanks in advance!

christian

[Marcos 4,478]

I think this is what you are after. It's a new feature of ERA v7 and Endpoint v7 which will be unveiled later this year:

[Christian Stück 4]

Thanks Marcos, "prepend" will help!

for now i add all policy to one group to get the customer happy.

The actual problem they have is: we can't change policy order.
I mark a policy and klick "apply later" but after closing and reopening it is at the old position again.

From some testing i would say, the policies for a group are automatically ordered by date or id: Every new policy i add is always applied last and i cant' change that.
I don't see this behaviour at another era-server.

Is there a general setting for policy order i am missing?

Both Servers run as appliance, ERA-Server version 6.5.417

Thanks again!

Christian

Edited April 19, 2018 by Christian Stück

[Marcos 4,478]

Does the page https://help.eset.com/era_admin/65/en-US/index.html?admin_pol_how_policies_are_applied.htm help understand how policies are applied?

[Christian Stück 4]

My problem is, changed policy order in one group is not saved. After Close and re-open policies are in old sort order again (sorted by creation time).