There may be situations where you are enforcing Removable Media Encryption (RME) policy but have particular USB devices that you wish to exclude from the policy. The ESET Endpoint Encryption (EEE) Server supports the ability to whitelist devices by use of the RME exclusions list as detailed below.
- Connect the USB device you wish to exclude from all RME policy to your machine.
- Run the exclusion app available here: ESET Endpoint Encryption RME Exclusion App
- Select the required item in the Removable Drives list.
- The Parent Device ID/s section will update with the suggested settings.
- Select the required ID from the dropdown and click the Copy button to copy the string to your clipboard for use on the EEE Server.
- Log in to the EEE Server and navigate to the Workstation Policy section.
- Select the entry RME Exclusions list.
- Click the Change Setting button.
- Add the string found using the exclusion utility into the setting field and click the OK button.
- The new exclusion settings will be applied to any newly installed Workstations with that Workstation Policy.
- To update the policy on existing activated Workstations, select them in the Workstations list and click the Update Policy button.
The exclusion strings are made up of several parts as detailed below:
- Vendor ID (VID) - This defines which manufacturer made the product. These values are unique between manufacturers.
- Product ID (PID) - This defines a model of the manufacturer's product. How this is used is up to the manufacturer but generally a new ID is given to each device range they produce.
- Revision (REV) - This defines the iteration of the hardware of a device, much like a version number is used for a piece of software.
The EEE Server exclusion list supports devices specified with or without a revision, but each entry must contain both the Vendor ID and the Product ID. The exclusion app will only offer the possible valid combinations for a device in the Parent Device ID/s dropdown list.
You can specify more than one exclusion string in the EEE Server by using semi-colons to delimit the entries.
The exclusions list setting is stored in the registry of the client workstation under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLMFENC, in the REG_SZ value RemovableMediaExclusions.
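Because every entry in this list exempts a device from encryption policy, it is worth checking what a workstation actually holds. The following PowerShell script is an added example, not ESET's own tooling: it reads the value from the path above, splits it on semi-colons and reports whether each entry carries the required Vendor and Product IDs and whether it is pinned to a revision. It assumes the parts appear as VID_xxxx, PID_xxxx and REV_xxxx tokens as in Windows hardware IDs, which this article does not confirm; the function name and the sample string are constructed for illustration.

```powershell
# Added example: audit the RME exclusions list stored on a client workstation.
# Assumption: entries carry VID_xxxx / PID_xxxx / REV_xxxx tokens as in Windows
# hardware IDs; the exact string layout is not documented in this article.
function Test-RmeExclusionList {
    param([string]$List)

    foreach ($entry in ($List -split ';')) {
        $e = $entry.Trim()
        if ($e -eq '') { continue }   # skip empty segments, e.g. after a trailing ';'

        $hasVid = $e -match 'VID_[0-9A-Fa-f]{4}'
        $hasPid = $e -match 'PID_[0-9A-Fa-f]{4}'
        $hasRev = $e -match 'REV_[0-9A-Fa-f]{4}'

        $status = if (-not ($hasVid -and $hasPid)) {
            'Invalid: needs both VID and PID'
        } elseif ($hasRev) {
            'VID + PID + REV'
        } else {
            'VID + PID, no revision'
        }

        [pscustomobject]@{ Entry = $e; Status = $status }
    }
}

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DLMFENC'
$name = 'RemovableMediaExclusions'
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

if ($null -eq $prop) {
    # Constructed sample so the checks can be seen on a machine without the client installed.
    Write-Warning "$name not found under $key; using constructed sample data."
    $value = 'USB\VID_1234&PID_ABCD&REV_0100;USB\VID_1234&PID_00FF;USB\VID_1234;'
} else {
    $value = $prop.$name
}

Test-RmeExclusionList -List $value | Format-Table -AutoSize
```

Compare the output against the exclusions approved on the EEE Server; an entry that appears on a workstation but not in the Workstation Policy warrants investigation.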