Media Encryption & Port Protection

Media Encryption & Port Protection prevents the leakage of sensitive data in these ways:

  • The policy specifies who can use devices connected to a physical port, such as USB storage devices.

  • Based on your permissions, you can optionally encrypt external devices connected to your computer to prevent access without your permission.

This section describes the process of encrypting, decrypting, and managing removable storage devices. Media Encryption secures a removable storage device by encrypting some or all of the storage device. It then puts the specified files (typically business data) on the encrypted device.

To work with Media Encryption, from the Endpoint Security Main Page, click Media Encryption.

The Media Encryption Details window opens. This shows removable storage devices that are attached to your computer.

If you click a device from the list you can create encrypted storage on the device or remove encryption from the device.

The Media Encryption policy determines how you can use external devices that connect to your computer. Media Encryption can encrypt, and decrypt external devices. The display shows the status of external devices connected to your computer.

It is necessary to click Allow user management of kernel extensions from identified developers.

Options

You can see the status of external devices connected to your computer.

Click Media Encryption & Port Protection to see options:

  • Policy Details - A summary of the Media Encryption & Port Protection policy that is installed on your computer.

  • Detected Removable Devices - Shows the status of devices attached to your computer. It includes these details:

    • Device - The type of device and the drive it is connected to.

    • Size - The storage space on the device.

    • Authorization Status - The authorization status of the device based on an Anti-Malware scan.

      • Authorized - Clean from malware.

      • Not Authorized - Malware or suspicious files were found. You cannot open, encrypt, or decrypt a device that is not approved.

      • Waiting for scan - The device was not scanned.

    • Encryption Status - If the device is encrypted or not. Only someone with permissions can see files on an encrypted device.

  • Scan Device - Scans the device for malware or unapproved files. If your Endpoint Security Client does not have Anti-Malware installed, the scan can still look for unapproved files.

  • Create Encrypted Storage - Click this to create an encrypted storage device.

  • Remove Encryption - Click this to remove encryption from a device.