Jump to content

Device Control Populate remotely using Protect Cloud?

Mihai2
 Share
Go to solution Solved by Marcos,

Recommended Posts

Mihai2

Mihai2 0

Posted
Posted

Is it possible to populate a list if existing connected devices using the Protect Cloud console? I cannot see a way to do it.

 

I'd prefer not to have to go to the computer itself to generate a list of devices.

 

Is that the only option?

Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 4,839

Posted
  • Administrators
  • Solution
Posted

It wouldn't make sense to have the populate option in ESET PROTECT. How would it be supposed to work? An admin would have to tell users to connect all their removable devices and flash drives to their machine during a specific time period when he would remotely populate the list.

Instead, you can create a policy with a permissive Device Control rule with the logging severity set to "warning" and subsequently create reports with device properties in ESET PROTECT after you have received the information from endpoints as users connect their devices which trigger the Device Control rule.

Link to comment
Share on other sites
Mihai2

Mihai2 0

Posted
  • Author
Posted (edited)
10 hours ago, Marcos said:

It wouldn't make sense to have the populate option in ESET PROTECT. How would it be supposed to work? An admin would have to tell users to connect all their removable devices and flash drives to their machine during a specific time period when he would remotely populate the list.

Instead, you can create a policy with a permissive Device Control rule with the logging severity set to "warning" and subsequently create reports with device properties in ESET PROTECT after you have received the information from endpoints as users connect their devices which trigger the Device Control rule.

 

The use case is a kiosk PC that is always in use at the front desk, and I would like to see what devices are currently connected to it and ESET detects. It's a workstation that is locked down a single purpose, so nobody should be connecting any other devices to it, except for the administrators.

 

I'd like to whitelist existing devices.

 

I like the solution you proposed and I think that'll work just fine for us.

 

Thank you.

Edited by Mihai2
Link to comment
Share on other sites
Mihai2

Mihai2 0

Posted
  • Author
Posted

I created a policy, with a rule as below:

image.png

 

After a computer restart, I cannot figure out how to pull a report with the attached devices information from the warnings. Maybe the warnings did not occur?

 

The devices are already connected.  Am I assuming incorrectly that the devices would report as connecting at boot time?

 

image.png

 

 

 

 

 

 

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...