Drive whitelist rules

To block drives, the macOS Agent supports the following rule types:

  • Windows hardware ID of the parent USB device (optionally with serial number)

  • Numerical USB IDs for vendor, product and revision (optionally with serial number)

  • Windows rules for vendor, product and revision names; from version 2024.2 optionally with serial number

All three rule types are also supported in drive collections.

From version 2024.2, the drive events are reported with Windows-compatible vendor, product and revision names.

To configure a drive rule (as whitelist or blacklist), please proceed as follows:

  1. In the Drives node, select Drive whitelist rule. Open the context menu, select New and then Hardware ID rule.

  2. On the General tab, please enter the drive’s hardware ID. This ID consists of the vendor ID (VID), product ID (PID) and revision number (REV).

  3. On the Permissions tab, specify whether to deny (lock) or allow the drive (depending on your removable drive settings).

    Note that locking with access for defined users/groups is not possible on macOS agents.

In the figure below, the USB drive with hardware ID USB\VID_058F&PID_6387&REV_0105 is locked.
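The following added example (not part of the product or its documentation) shows how the numerical USB IDs seen on a Mac map onto the hardware ID entered in step 2, and how to check a device against a rule string. It assumes the IDs are available as text in the style of `system_profiler SPUSBDataType` output; the sample text, device names and function names are constructed for illustration.

```python
import re

# Layout from the page: USB\VID_xxxx&PID_xxxx&REV_xxxx, each field four hex digits.
HWID_RE = re.compile(r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})&REV_([0-9A-F]{4})", re.I)

# Constructed sample in the style of `system_profiler SPUSBDataType` output (assumption).
SAMPLE = """\
    Mass Storage:
      Product ID: 0x6387
      Vendor ID: 0x058f  (constructed vendor name)
      Version: 1.05
      Serial Number: CONSTRUCTED0001
    Other Stick:
      Product ID: 0x1a2b
      Vendor ID: 0x0abc
      Version: 11.00
"""

def parse_hardware_id(hwid):
    """Return numeric (vendor, product, revision); matching is case-insensitive."""
    m = HWID_RE.fullmatch(hwid.strip())
    if not m:
        raise ValueError(f"not a USB hardware ID: {hwid!r}")
    return tuple(int(g, 16) for g in m.groups())

def version_to_rev(version):
    """'1.05' -> 0x0105: the USB revision is binary-coded decimal, so digits map 1:1."""
    m = re.fullmatch(r"([0-9A-Fa-f]{1,2})\.([0-9A-Fa-f]{2})", version.strip())
    if not m:
        raise ValueError(f"unexpected version string: {version!r}")
    return int(m.group(1), 16) << 8 | int(m.group(2), 16)

def devices_from_profile(text):
    """Group 'Key: value' lines under the preceding 'Device name:' header line."""
    devices = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not value.strip():
            devices.append({"name": key})
        elif sep and devices:
            devices[-1][key] = value.strip()
    return devices

def hardware_id_of(dev):
    """Build the hardware ID string for the General tab from the numeric IDs."""
    vid = int(dev["Vendor ID"].split()[0], 16)
    pid = int(dev["Product ID"].split()[0], 16)
    return f"USB\\VID_{vid:04X}&PID_{pid:04X}&REV_{version_to_rev(dev['Version']):04X}"

def matches_rule(dev, rule_hwid):
    """Compare numerically so letter case in the rule string does not matter."""
    return parse_hardware_id(hardware_id_of(dev)) == parse_hardware_id(rule_hwid)
```

Because the revision is part of the ID, a device of the same model with different firmware produces a different hardware ID and will not match the rule.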