Endpoint Security and Control 9/10 builds significantly upon the basic device control functionality released in Sophos Anti-Virus 7.6. The device control configuration was moved into its own policy in with the release of Enterprise Console version 4 (for current console version see article 11846).
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 9.5
Sophos Endpoint Security and Control 10.0
Sophos Device control now allows an administrator to manage the use of storage devices and network interfaces connected to all managed endpoints. The following devices are supported:
|Storage ||Network interfaces |
|Removable storage, including thumb drives, USB keys, external hard disks (see note below on external hard disks) ||Wireless |
|Secure removable storage, including devices from SanDisk, Kingston, IronKey and SafeStick. Refer to the knowledgebase article Supported secure removable storage devices. ||Modems, including 3G / EDGE USB modems |
|Optical media drives (CD / DVD / Bluray) ||Bluetooth |
|Disk drives (Floppy drives) ||Infrared (IrDA) |
Note: External hard disks - Sophos device control will recognize these provided they report themselves as such to the operating system. This is brand dependent, some brands of external hard disk do not report their status to the operating system. In these cases, Sophos device control will not recognize them as external.
Sophos device control is 'port agnostic' which means that it will support any port used to connect the device. This includes USB, FireWire, SATA and PCMIA interfaces.
Device control policies
Guidelines for creating and rolling out policies are in the Enterprise Console Policy setup guides.
Each device type supports both device instance and model exceptions. This means that a USB key which belongs to a given individual can be exempted from the removable storage block policy. It also means that all (for example) Verizon USB modems could be exempted by model type from the modem block policy. Exceptions can be commented so it’s easy to record who requested the exception and when.
Exceptions are made easy to manage using the device control event viewer. This is a new reporting tool available within Enterprise Console. It enables you to quickly filter events generated by the device control policy. Events generated by devices being blocked can then be used to authorize those devices.
Note: Exempting individual devices is based on the device having a unique device instance ID. See article 110566 for more information.
Messaging and reporting
Customized desktop messaging can be displayed when a device is blocked. The message can be used to direct end users to a copy of your acceptable use policy or provide IT team contact details.
Device control reports can be scheduled and provide detailed trend reports on topics such as all devices blocked over the past month or the top 20 users with devices blocked over the quarter.
On the dashboard the administrator can track the number of endpoints which have recorded device control events over the past seven days. The threshold for an endpoint being flagged in the dashboard can be configured and this data is used to track unusual or exceptional behavior on managed endpoints. The computer list view in SEC can also provide a view of endpoints sorted by the number of device control events recorded over the previous seven days.