Mauricio Osorio 2 Posted May 28, 2021 Share Posted May 28, 2021 Hi guys, In the company we have a general device control policy, which we apply from ESET Protect, at this time it is applied to 300 computers, that is, all of them have by default the use of disk storage devices blocked. When a user does the necessary procedure to enable a storage device, we go to the computer and verify the data of that device in the antivirus log (supplier, model and serial number) and then we create a rule with which we allow it to be used. the device, this has worked fine except with one device. The device for which the rule does not work is an external hard disk that reports all the data (supplier, model and serial number) but when the rule is created it continues to block it. The only thing that seems strange to me is that the serial number of the device in the log appears with empty spaces, I don't know if this has any effect on the problem: We have tried the rule with and without empty spaces but it still doesn't work. Can someone help me with this? Regards. Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,281 Posted May 29, 2021 Administrators Solution Share Posted May 29, 2021 Both leading and trailing spaces matter. I recollect this should change soon and they should be ignored. I'd recommend creating a rule on a workstation with the removable medium connected and selecting "Populate" in the Device Control rule editor. This will enable you to create a rule exactly based on the medium properties. You can then retrieve the configuration of Endpoint via the ESET PROTECT console and convert it to a policy. Mauricio Osorio 1 Link to comment Share on other sites More sharing options...
Mauricio Osorio 2 Posted June 3, 2021 Author Share Posted June 3, 2021 Hi marcos, Thank you for your response, we have indeed overcome the incident thanks to your indication. Best regards. Link to comment Share on other sites More sharing options...
Recommended Posts