serpher 2 Posted April 22 Share Posted April 22 I have Device Control enabled and last rule on the list is to block all USB drives (allowed ones are higher). Using Override Mode doesn't allow blocked USB drive but I have to disable Device Control after Override Mode. Is this a correct way? I though that Override Mode would allow USB through. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 22 Administrators Share Posted April 22 If a policy that blocks the USB drive is pre-pended to the local Device control rules, then the only option to allow it in override mode is by disabling Device control. serpher 1 Link to comment Share on other sites More sharing options...
serpher 2 Posted April 22 Author Share Posted April 22 How the policy should look like? I have USB drives added with Allow rule and serial number and Block All rule at the bottom, but allowed drives are still blocked. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 22 Administrators Share Posted April 22 If you use a Device Control policy with blocking rules, you should not use the pre-pend method in regard to local settings, otherwise the policy will always take effect regardless of permissive rules you would create locally: Link to comment Share on other sites More sharing options...
serpher 2 Posted April 22 Author Share Posted April 22 (edited) I have Replace set to (I assume) always update the list of devices. Even if I'll add new device with Allow rule, the block all rule will block it. Doesn't matter the position on the list. Edited April 22 by serpher additional info Link to comment Share on other sites More sharing options...
serpher 2 Posted April 23 Author Share Posted April 23 Don't know how, but enabling rules got borked. Can't enable any rule, I can only disable it. I rebooted the server but same thing. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 23 Administrators Share Posted April 23 For me it works. I could create a rule in override mode, put it above the blocking rule applied by a policy and enable or disable it. Please raise a support ticket to find out why it doesn't work for you. Link to comment Share on other sites More sharing options...
Recommended Posts