Configuring Media Encryption & Port Protection

Media Encryption & Port ProtectionClosed A component of the Endpoint Security client that protects data stored on computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on). Acronym. MEPP. protects data stored in the organization by encrypting removable media devices and allowing tight control over computer ports (USB, Bluetooth, and so on). Removable devices are for example: USB storage devices, SD cards, CD/DVD media and external disk drives.

On the client-side, Media Encryption & Port Protection protects sensitive information by encrypting data and requiring authorization for access to storage devices and other input/output devices.

Media Encryption lets users create encrypted storage on removable storage devices that contain business-related data. Encrypted media is displayed as two drives in Windows Explorer. One drive is encrypted for business data. The other drive is not encrypted and can be used for non-business data. Rules can apply different access permissions for business data and non-business data.

Port Protection controls, according to the policy, device access to all available ports including USB and Firewire (a method of transferring information between digital devices, especially audio and video equipment). Policy rules define access rights for each type of removable storage device and the ports that they can connect to. The policy also prevents users from connecting unauthorized devices to computers.

Media Encryption & Port Protection functionalities are available in both Windows and macOS clients (for macOS starting at client version E85.30).

Note - When you add or remove Media Encryption & Port Protection for the Harmony Endpoint Security client, the client must restart to enforce them on the endpoint.

Best Practice - We recommend to not encrypt non-computer external devices such as: digital cameras, smartphones, MP3 players, and the like. Do not encrypt removable media that can be inserted in or connected to such devices.

For instructions on how to encrypt, see sk166110.

The Media Encryption and Port Protection can be configured in the Infinity Portal.

To configure Media Encryption:

  1. Navigate to Policy > Data Protection > General.

  2. In the Capabilities and Exclusion pane, click Media Encryption.