Configuring Authorization Settings

You can configure a Media Encryption & Port Protection rule to require scans for malware and unauthorized file types when a storage device is attached. You also can require a user or an administrator to authorize the device. This protection makes sure that all storage devices are malware-free and approved for use on endpoints.

On Windows E80.64 and higher clients, CDs and DVDs (optical media) can also be scanned.

After a media device is authorized:

  • If you make changes to the contents of the device in a trusted environment with Media Encryption & Port Protection, the device is not scanned again each time it is inserted.

  • If you make changes to the contents of the device in an environment without Media Encryption & Port Protection installed, the device is scanned each time it is inserted into a computer with Media Encryption & Port Protection.

You can select one of these predefined options for a Media Encryption & Port Protection rule:

Require storage devices to be scanned and authorized -

  • Scan storage devices and authorize them for access - Select to scan the device when inserted. Clear to skip the scan.

    • Enable self-authorization - If this option is selected, users can scan the storage device manually or automatically. If this setting is cleared, users can only insert an authorized device.

      • Manual media authorization - The user or administrator must manually authorize the device.

        Allow user to delete unauthorized files - The user can delete unauthorized files detected by the scan. This lets the user or administrator authorize the device after the unauthorized files are deleted.

      • Automatic media authorization -The device is authorized automatically.

        Allow user to delete unauthorized files - The user can delete unauthorized files detected by the scan. This lets the user or administrator authorize the device after the unauthorized files are deleted.

  • Exclude optical media from scan - Exclude CDs and DVDs from the scan.