Mihai2 0 Posted June 14, 2023 Posted June 14, 2023 Is it possible to populate a list if existing connected devices using the Protect Cloud console? I cannot see a way to do it. I'd prefer not to have to go to the computer itself to generate a list of devices. Is that the only option?
Administrators Solution Marcos 5,461 Posted June 15, 2023 Administrators Solution Posted June 15, 2023 It wouldn't make sense to have the populate option in ESET PROTECT. How would it be supposed to work? An admin would have to tell users to connect all their removable devices and flash drives to their machine during a specific time period when he would remotely populate the list. Instead, you can create a policy with a permissive Device Control rule with the logging severity set to "warning" and subsequently create reports with device properties in ESET PROTECT after you have received the information from endpoints as users connect their devices which trigger the Device Control rule.
Mihai2 0 Posted June 15, 2023 Author Posted June 15, 2023 (edited) 10 hours ago, Marcos said: It wouldn't make sense to have the populate option in ESET PROTECT. How would it be supposed to work? An admin would have to tell users to connect all their removable devices and flash drives to their machine during a specific time period when he would remotely populate the list. Instead, you can create a policy with a permissive Device Control rule with the logging severity set to "warning" and subsequently create reports with device properties in ESET PROTECT after you have received the information from endpoints as users connect their devices which trigger the Device Control rule. The use case is a kiosk PC that is always in use at the front desk, and I would like to see what devices are currently connected to it and ESET detects. It's a workstation that is locked down a single purpose, so nobody should be connecting any other devices to it, except for the administrators. I'd like to whitelist existing devices. I like the solution you proposed and I think that'll work just fine for us. Thank you. Edited June 15, 2023 by Mihai2
Mihai2 0 Posted June 20, 2023 Author Posted June 20, 2023 I created a policy, with a rule as below: After a computer restart, I cannot figure out how to pull a report with the attached devices information from the warnings. Maybe the warnings did not occur? The devices are already connected. Am I assuming incorrectly that the devices would report as connecting at boot time?
Recommended Posts