Requesting Specific Device Exceptions for Removable Media on University Systems managed by Endpoint Protector

To request an exception, please visit our IT Security Exception page. Please follow the following steps to gather the needed information:

  1. Click on the Endpoint Protector icon in the Menu bar. It is the one that has 3 dots in the middle going from top to bottom. Menu bar with Endpoint Protector icon
  2. Click on Endpoint Protector Client in the menu.  Menu list with Endpoint Protector Client highlighted
  3. The Endpoint Protector Client Interface should launch. You should be on the Device Control Tab.  Endpoint Protector Client on Device Control tab
  4. Insert the removable media you need to request an exemption for.
  5. The Endpoint Protector client should open up a window asking if you want to access this drive in Read Only mode or to Deploy the EasyLock application to encrypt the drive. Choose Continue as Read Only.  EasyLock access prompt options
  6. A popup may appear stating this drive is in read-only mode.
  7. The drive should appear in the Endpoint Protector Client under the Device Control Tab. The name should match or be close to the Device name from the EasyLock popup. Depending on how the manufacturer passes that info along, it may not be. Look for the device in the interface with the Yellow circle to the left of it.  Device Control tab
  8. In order to exempt this device specifically from Removable Media Management we will need the information from the following columns.
    • Device, VID, PID, and Device Code
  9. If you cannot see the entire Device Code in the interface, you can adjust the width of that column by placing your mouse to the right of Device Code. The cursor should change to a line with two arrows. Click and drag the cursor to the right until you can see the entire Device Code.
  10. In this example the information we would need would be as follows
    • Device: SanDisk / Ultra USB 3.0
    • VID: 781
    • PID: 5595
    • Device Code: 38E72A9B
  11. Create an Exception Request in TDX to be reviewed by GRC with the requested information included as well as the macOS Computer Name. The macOS Computer Name can be found by going to System Preferences -> Sharing.
  12. Once GRC has approved the exception request and the process has been completed on the Endpoint Protector Management server the device should be allowed full access the next time the macOS system checks in. TDX should notify you when this all has been completed. This tends to be fairly quick and automatic, but you may need to tell the Endpoint Protector Client on the system to check for updated policies.
  13. You can do this by clicking on the Endpoint Protector Client icon in the Menu Bar and then clicking on Update Policies Now.  Update Policies Now highlighted
  14. You can verify that the drive has access by going into the Endpoint Protector Client and looking for the device on the Device Control tab. If it has access there will be a Green circle to the left of the name of the device.
  15. The Endpoint Protector Client should no longer prompt to go Read Only or Encrypt the device when it is mounted from this point on and the system should have full access to the device. If the device is formatted with any MS file systems and you are having issues with the drive still being Read Only you may need to Erase the device using Disk Utility.
Print Article

Details

Article ID: 3172
Created
Tue 2/6/24 2:12 PM
Modified
Mon 10/7/24 10:04 AM