You can configure a Media Encryption & Port Protection rule to require malware and unauthorized file type scans when a storage device is attached. You also can require a user or an administrator to authorize the device. This protection makes sure that all storage devices are malware-free and approved for use on endpoints.
On E80.64 and higher clients, CDs and DVDs (optical media) can also be scanned.
Note - After a media device is authorized:
You can select one of these predefined options for a Media Encryption & Port Protection rule:
Action |
Description |
---|---|
Require storage devices to be scanned and authorized. Allow self-authorization. |
Scan the device when inserted. If this option is selected, users can scan the storage device manually or automatically. If this setting is cleared, users can only insert an authorized device. |
Require storage devices to be scanned and authorized. Do not allow self-authorization. |
Scan the device when inserted. Specified administrators must authorize the device after a successful scan. |
Do not scan storage devices |
Storage devices are not scanned when inserted and no authorization is necessary. |
New |
Create a custom action with different authorization and media scan requirements. |
You can configure which file types can or cannot be on storage devices.
To configure which file types can be on storage devices:
The default is unauthorized with all file types allowed.
If you selected Unauthorized mode, select the file types that are not blocked from storage devices.
If you selected Authorized mode, select the file types that are allowed on storage devices.
To enable or disable scans for optical media (CDs and DVDs):
You can create custom actions that have different requirements for authorization and the media scan. You can let users connect storage devices without a scan or delete unauthorized file types from the storage device.
To define custom actions:
Parameter |
Description |
---|---|
Name |
Unique action name. |
Comments |
Optional textual comments. |
Scan storage devices and authorize them for access |
Select to scan the device when inserted. Clear to skip the scan. |
Enable self-authorization |
If this option is selected, users can scan the storage device manually or automatically. If this setting is cleared, users can only insert an authorized device. |
Automatic media authorization |
The device is authorized automatically. |
Allow user to delete unauthorized files. |
The user can delete unauthorized files detected by the scan. This lets the user or administrator authorize the device after the unauthorized files are deleted. |
Manual media authorization |
Users or administrator must manually authorize the device. |
Allow user to skip media scan |
The user can optionally skip the scan when a device is connected to a client. |