NOTICE - This feature is rolling out over the next few months. If you have any questions, contact Support.
Device Control in OneView allows you to block or restrict access to read-only on USB storage devices. You can exclude USB devices from Device Control by using the allowlist.
This feature requires an Endpoint Agent version of 2.0.0.81 or higher. Confirm an endpoint's version with the Agent version column on the Manage > Endpoints page. To update endpoints, select the endpoints and click the ellipsis icon > Agent Updates > Check for Agent Updates. For more information, see Endpoint actions in OneView.
Note: Exclusions are only supported for USB Mass Storage devices. SCSI devices are not supported.
Allow USB drives
If a USB device has already been blocked, select the activity on the Device Control > Activity page and click Actions > Add to Allowlist.
Otherwise, proactively add USB devices to the allowlist to override your policy settings and prevent them from being blocked on your endpoints.
To add a USB drive to the allowlist:
- Go to Device Control > Allowlist.
- Click Add device.
- Identify the USB Drive by at least one of the following:
- Vendor name
- Product name
- Serial number
- Select whether to enforce the allowlisting on all endpoints or just endpoints on any of the selected policies.
- Add optional comments.
- Choose whether the rule is enabled or disabled.
- Click Save.
Notes
- To delete a rule, check the checkbox next to a rule and click Delete > Delete.
- To temporarily disable a rule without deleting it, find and disable the toggle under the Status column for the allowlist rule.
- Only external storage devices are supported. Connecting an internal drive using a different cable or mounting from outside