Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1103
Views
0
Helpful
7
Replies

Device control not applied after polocy updated in Cisco endpoint secu

Go to solution
EdieDudley14020
Level 1
Level 1

‎08-21-2023 08:40 AM

I've added device contol to my polocy for Windows devices.  I am using the default Global Policy with the setting to Block and notify users.  It has had a week to replicate but it isn't working.  Users are still able to attach a usb device and either download or upload files.  What am I missing?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎08-22-2023 05:17 AM

I've tested the feature several times and it worked as expected.  If you'd like some help, it would probably be best to open a TAC case so someone can look at the logs and help you determine the issue.

Thanks,

Matt

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎08-21-2023 08:48 AM

There isn't really enough information here to say for certain what the issue is.  Have you checked to see if there is a policy update event for any of the devices you're testing with to verify the update has taken place?

0 Helpful

Go to solution
EdieDudley14020
Level 1
Level 1
In response to Matthew Franks

‎08-21-2023 08:55 AM

This in the Audit log
[cid:9cac5157-37ad-40b2-80e7-95cec69a44d0]
0 Helpful

Go to solution
EdieDudley14020
Level 1
Level 1

‎08-21-2023 09:29 AM

In the documentation it says that something is installed on the local device.  What should I be looking for? Registry change? It just doesn't look like the policy changed has been pushed.  I have updated the Product version to the latest and that change was pushed to all devices.

0 Helpful

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎08-21-2023 10:37 AM

If Device Control has been updated in the policy, you should see the rules in C:\Program Files\Cisco\AMP\dc\dc_rules.json. Also, Device Control is only supported on 8.1.3 and later, so make sure the connectors you're checking meet that requirement.

-Matt

0 Helpful

Go to solution
EdieDudley14020
Level 1
Level 1
In response to Matthew Franks

‎08-21-2023 01:39 PM

Matt,

Thank you for your reply. I did some testing with a laptop I was resetting. I've tried product versions 8.13, 8.15 & 8.17. None of them blocked the USB drive from being accessed. I set this up on a test machine last fall and it did work. Not sure what changed.
0 Helpful

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎08-22-2023 05:17 AM

I've tested the feature several times and it worked as expected.  If you'd like some help, it would probably be best to open a TAC case so someone can look at the logs and help you determine the issue.

Thanks,

Matt

0 Helpful

Go to solution
EdieDudley14020
Level 1
Level 1
In response to Matthew Franks

‎08-22-2023 06:14 AM

Thanks Matt, I open a case TAC
0 Helpful
Customers Also Viewed These Support Documents