1. Purpose of the article
In this article, thegioifirewall will show you how to create an exception (exemption) for Peripheral Control on Sophos Central.
2. Configuration scenarios
Techbast will prepare a computer named DESKTOP-6S0LJO1 with Sophos Endpoint installed.
We also prepare 3 USB devices with the following model names:
- SMI USB DISK USB Device.
- Generic Flash Disk USB Device.
- Lexar USB Flash Drive USB Device.
Techbast will configure Peripheral Control to prevent users from connecting all types of USB devices, and then create an exception that allows users to use only one type of USB from the list above: the Lexar USB Flash Drive USB Device.
Now let’s get to the configuration.
To configure Peripheral Control, log in to Sophos Central with the admin account, go to Endpoint Protection > Policies, and click Add.
The Add Policy panel appears, and we configure the following parameters:
- Feature: We are configuring Peripheral Control, so select it here.
- Type: The policy can be applied by Device or by User; here techbast will apply it by Device.
The policy details section now appears. We enter Monitor_Peripheral in the Name field and configure each tab as follows.
- This is where we choose the devices that this policy applies to.
- Following the configuration scenario above, techbast will select the DESKTOP-6S0LJO1 machine from the Available Computers table and click the “>” button to move it to Assigned Computers.
- Manage Peripherals: This is initially set to Disable Peripheral control; we will choose Control access by peripheral type and add exemptions.
- The totals listed below…: This section displays the list of peripheral types that Sophos lets us control. In our scenario we need to control USB device connections, so we choose the Block action for Removable Storage.
POLICY ENFORCED tab: This tab shows whether the policy is enabled, and it also provides a feature for enabling the policy on a schedule.
Then we will connect 3 USB devices to the computer DESKTOP-6S0LJO1.
Once they are connected, we return to the SETTINGS tab of the Monitor_Peripheral policy.
We will now see that the policy has recorded the three USB devices that were just blocked; this is displayed to the right of the words Removable Storage.
Next we create an exception for the USB with the model name Lexar USB Flash Drive USB Device. Click Add Exemptions to add the exception.
The Add Peripheral Exemptions panel appears. We select Removable storage in PERIPHERAL TYPE to show only the USB devices that have been connected, and we will see the names of the 3 USB devices that we just connected.
We will select the USB model Lexar USB Flash Drive USB Device and click Add Exemptions to add this USB to the exceptions list.
We will choose Allow in the POLICY column and Model ID in ENFORCE BY in the Exemptions table.
Click Save to save the policy, then connect the 3 USB devices to the computer again.
The result is that the 2 USBs that are not in the exception list are blocked when connected to the computer.
The USB that has been added to the exception list can be connected.
We can check the log by opening the Sophos Endpoint application on the computer and selecting Events.
In addition, we can view the log on Sophos Central by going to Logs & Reports > Events Report.
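
The PowerShell below is an added example, not part of the original article or of any Sophos tooling. Run on the endpoint, it lists the USB disk drives Windows can see and marks which ones the exemption in this scenario covers. It assumes the model names shown in Sophos Central match the Windows Win32_DiskDrive model strings, as the device names in this article suggest; `$AllowedModels` is a hypothetical variable name.

```powershell
# Added example: compare connected USB disk drives with the exempted model.
# Model exempted in this article's scenario (ENFORCE BY: Model ID).
$AllowedModels = @('Lexar USB Flash Drive USB Device')

# Assumption: Sophos Central shows the same model string that Windows reports
# in Win32_DiskDrive.Model for a USB-attached disk.
$usbDisks = Get-CimInstance -ClassName Win32_DiskDrive -Filter "InterfaceType='USB'"

if (-not $usbDisks) {
    Write-Output 'No USB disk drives are currently visible to Windows.'
    return
}

$report = foreach ($disk in $usbDisks) {
    # Trim padding that some devices report; -contains is case-insensitive.
    $model = ([string]$disk.Model).Trim()
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Model        = $model
        SerialNumber = ([string]$disk.SerialNumber).Trim()
        PNPDeviceID  = $disk.PNPDeviceID
        SizeGB       = [math]::Round($disk.Size / 1GB, 1)
        Expected     = if ($AllowedModels -contains $model) { 'Allow (exempted model)' } else { 'Block' }
    }
}

$report | Sort-Object Expected, Model | Format-Table -AutoSize -Wrap

# The exemption in this scenario is by model, so it covers every drive that
# reports the exempted model string. Warn when more than one such drive exists.
$report | Where-Object Expected -like 'Allow*' | Group-Object Model |
    Where-Object Count -gt 1 |
    ForEach-Object {
        Write-Warning "$($_.Count) drives report model '$($_.Name)'; the same exemption covers all of them."
    }
```

Compare the Expected column with the events shown in Sophos Endpoint and in Logs & Reports > Events Report to confirm the policy behaves as configured.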