- Confirm if the "dc_dev_exception.csv" file exists in the following locations:
- If the Apex Central Server was upgraded from Control Manager: \Trend Micro\Control Manager\WebUI\WebApp\widget\repository\widgetPool\product\OSCE\
- If the Apex Central Server is a fresh install: \Trend Micro\Apex Central\WebUI\WebApp\widget\repository\widgetPool\product\OSCE\
Click the image to enlarge.
- If the file is missing, create a new "dc_dev_exception.csv" file in the specified location. In the file, add the USB device's Vendor, Model and Serial ID.
The listdeviceinfo tool can be used to collect the information. Refer to the following articles:
- Excluding USB storage devices and mobile phones in Apex One Device Control
- Adding items with missing values from ListDeviceInfo reports to Approved Device(s) List
- Redeploy the DLP policy to the Endpoint, and check if the USB storage device is still blocked.
- Navigate to the the Apex One Server’s installation directory, and edit ..\PCCSRV\Ofcscan.ini and add the following line:
[Global Setting] Enable_Global_DLP_Dev_Exception=1
Click the image to enlarge.
If "Enable_Global_DLP_Dev_Exception" already exists, make sure the the value is set to 1. - Save the changes and close the file.
- Open the Apex One server web console and click Agents > Global Agent Settings on the main menu to access the Global Agent Settings page.
- Click Save to deploy the setting to agents.
- After the Global Settings are deployed, check the Apex One client’s registry and make sure the following keys exist:
- For 32-bit: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite\EnableDlpGlobalDevException=1
- For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite\EnableDlpGlobalDevException=1
Click the image to enlarge.
- Wait for at least 5 minutes, then manually update the endpoint's agent by clicking Update Now. After updating, check if the USB device is still getting blocked.
If the issue is still the same, please collect the following information:
- Endpoint's CDT. Refer to Using the Case Diagnostic Tool (CDT) to collect the information needed by Technical Support
- dc_dev_exception.csv from the Apex Central Server.