Overview
You may face an issue where configured file type filters do not work, and the user is allowed to access file types that should be blocked.
Information
This issue occurs when the policy is a newly created policy and in the Create Protection Policy wizard, the 'Blank protection policy' option is selected.
In the agent log file, you will find the following error:
2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," policy guid: 6686fe16-804a-4372-8786-62a054c990bc" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read controlled categories:" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," enabled categories: 0,1,2,3,4,5,6,7,9," 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read controlled ports:" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," enabled ports: 0,1,2,3,4,5,6,7," 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read power users:" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read exception devices:" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read permissions:" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," user fshq.fs\Ahmed.Elhosseiny (sid S-1-5-21-792885814-1249132539-559391517-28246) has" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read/write for category 2 with priority 1" 2013-07-21,14:00:33,353,3,"#00001144","#00001f58","info ","DevicesController"," read encryption support:" 2013-07-21,14:00:33,353,1,"#00001144","#00001f58","error ","DevicesController","Failed to read FileOptions settings!"
Note: The EndPointSecurity product is at the End of Engineering (EOE). Consequently, new EndPointSecurity patch fixes for issues/bugs detected are not possible.
However, two possible workarounds exist. Please try them out to resolve this issue:
Workaround One:
- Launch the Create a new policy Wizard.
- To do this, navigate to: Configuration > Protection Policies > Create a new protection policy
- To do this, navigate to: Configuration > Protection Policies > Create a new protection policy
- Click on Next to advance to the Controlled Categories and Ports section.
- For Controlled Device Categories, select the devices that you wish to control/block and click OK
- For Controlled Connectivity Ports, select the ports that you wish to control/block and click OK
- For Controlled Device Categories, select the devices that you wish to control/block and click OK
- Click on Next to advance to Global Permissions.
- Ensure that the "Block any access to the controlled devices" option is selected
- Ensure that the "Block any access to the controlled devices" option is selected
- Click on Next to advance to Storage Devices and make the required configurations
If you require guidance, do the following:- Click on the File-type Filter.
- Select the desired file type,
- Add the domain's Everyone user group.
- Click on OK.
- Repeat Step 4 if you need to add more file types. Otherwise, proceed to step 6.
- Click on Finish.
- On the left pane, click on the newly-created policy. Then, click on Set Permissions
- On the left pane, click on add permission(s)
- Select the devices/ports that you are controlling/blocking
- Add the domain's Everyone user group
- Click on Finish to view the new Permissions setting for Everyone
- Assign the policy to a target machine.
- Deploy the policy by deploying the selected agent
- Verify that the agent blocks the file types on the target machine.
Workaround Two:
- Create a new policy
- In the wizard choose 'Copy the settings of an existing protection policy'
- Select the 'General Control' policy (It is important to select this policy and not another one that was created by the user).
- Click on the Finish button
- Go to the new policy settings, delete current settings, and configure as necessary.