Mac Security Hardening

steva07
New Contributor

Hi All,
I'm working in a very locked down environment, but one thing eludes me. It is this: I can build an image for MacBook Pros and create user profiles that won't allow mounted DMGs, and the USB drives are disabled too, but is there any way one can disable the SD card reader? There is no option in image building to disable them. I have played around with scripting but with little success. So I was wondering if anyone else had any good results in this area?

Thanks Steve

13 REPLIES

steva07
New Contributor

Thanks so much for the link. I had tried that before twice, a couple of months ago, but the SD card reader still worked. I will try on a 'fresh' out-of-box build in case that is different. Do you know if this was successfully resolved for the OP?

spraguga
Contributor

@steva07 Not sure. You could try deleting the kext and restarting the machine. You'd probably have to check and make sure it isn't put back after any OS updates, though.
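The "delete the kext and make sure an update hasn't put it back" approach above needs something that re-checks the machine afterwards. The script below is an added example for this thread, not something posted by its participants or shipped by Jamf: it classifies the built-in SD reader as loaded, present on disk but not loaded, or removed, and can be run as a Jamf extension attribute so a reinstated driver shows up in inventory. It assumes the reader's driver is AppleSDXC.kext with bundle id com.apple.driver.AppleSDXC (the bundle name used by the built-in reader on Macs of that era; adjust it if your hardware reports a different bundle). The kextstat lines used in the offline demonstration are constructed, not captured from a real Mac. One caveat that the thread predates: from OS X 10.11 onward, System Integrity Protection prevents deleting bundles under /System/Library/Extensions, so on those releases the "removed" state is not achievable this way and the audit will keep reporting "present-not-loaded" or "loaded".

```shell
#!/bin/sh
# Added example, not from the thread. Audits whether the built-in SD card reader
# driver is still loaded or still on disk, so a removed kext that an OS update
# restored gets noticed. Assumes the driver bundle is AppleSDXC.kext with bundle id
# com.apple.driver.AppleSDXC (an assumption; adjust for your hardware).
SDXC_KEXT_PATH="/System/Library/Extensions/AppleSDXC.kext"
SDXC_BUNDLE_ID="com.apple.driver.AppleSDXC"

# Classify the reader's state from a kext bundle path and a file holding
# kextstat-style output. Prints one of: loaded, present-not-loaded, removed.
sd_reader_status() {
    kext_path="$1"
    listing="$2"
    if grep -q "$SDXC_BUNDLE_ID" "$listing"; then
        echo "loaded"                 # driver is running: reader is usable
    elif [ -d "$kext_path" ]; then
        echo "present-not-loaded"     # bundle still on disk; loads again on next boot
    else
        echo "removed"                # bundle gone and not loaded
    fi
}

# Live check for a Mac: capture kextstat output and classify. Prints the result
# in the <result>...</result> form a Jamf extension attribute expects.
live_sd_reader_status() {
    listing=$(mktemp)
    kextstat > "$listing" 2>/dev/null || true
    status=$(sd_reader_status "$SDXC_KEXT_PATH" "$listing")
    rm -f "$listing"
    echo "<result>$status</result>"
}

# Offline demonstration with constructed kextstat lines (not captured from a real Mac).
demo_dir=$(mktemp -d)
printf '%s\n' 'Index Refs Address            Size       Wired      Name (Version) <Linked Against>' \
    '  97    0 0xffffff7f81a00000 0x8000     0x8000     com.apple.driver.AppleSDXC (1.7.0) <10 5 4 3 1>' \
    > "$demo_dir/kextstat-loaded.txt"
printf '%s\n' 'Index Refs Address            Size       Wired      Name (Version) <Linked Against>' \
    > "$demo_dir/kextstat-clean.txt"
mkdir -p "$demo_dir/AppleSDXC.kext"

echo "sample 1: $(sd_reader_status "$demo_dir/AppleSDXC.kext" "$demo_dir/kextstat-loaded.txt")"   # loaded
echo "sample 2: $(sd_reader_status "$demo_dir/AppleSDXC.kext" "$demo_dir/kextstat-clean.txt")"    # present-not-loaded
echo "sample 3: $(sd_reader_status "$demo_dir/missing.kext" "$demo_dir/kextstat-clean.txt")"      # removed
rm -rf "$demo_dir"

# On a Mac, run the live check; elsewhere there is no kextstat to consult.
if [ "$(uname)" = "Darwin" ]; then
    live_sd_reader_status
fi
```

Run it on a test machine after each OS update; a result other than "removed" means the reader is back (or was never gone) and the image needs revisiting.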

mojo21221
Contributor II

If you need more usability than just all or none, try checking out http://www.endpointprotector.com

spotter
New Contributor III

As @mojo21221 stated, I use Endpoint Protector to lock down removable media on all the Macs I manage, and it does a great job.

I created a feature request a while back to include this functionality in the JSS; however, it never went anywhere.

RobertHammen
Valued Contributor II

A lot of my security-conscious clients use Endpoint Protector...

JPDyson
Valued Contributor

This Endpoint Protector has me interested. Those of you that have used it, what did you think?

Kaltsas
Contributor III

Is anyone using Endpoint Protector and the TrustedDevices functionality? We have rolled out hardware-encrypted flash drives to all of our staff that handle PHI, and they are being directed to use them, but we are not currently doing anything to enforce their usage. I was asked to casually look into how we might accomplish this with OS X, and Endpoint Protector looks like it supports just that scenario: blocking USB storage devices unless it is one of the TrustedDevices.

I had not heard of these guys, so kudos to @spotter for mentioning them.

CasperSally
Valued Contributor II

I've never heard of Endpoint Protector, but it's an interesting choice to list Sony front and center on your homepage as a customer if you're selling data loss prevention.

mm2270
Legendary Contributor III

@CasperSally - I'm not so sure about that. As far as any of us in the public know right now, the data breach at Sony wasn't about employees walking off with data on thumb drives, but about external intrusion. I haven't looked that thoroughly at Endpoint Protector, but from a quick glance at their site, it doesn't look like it's supposed to offer external intrusion protection, but rather protection against internal data loss at the endpoints, which is a different thing.
The breach at Sony was likely the result of their security teams not adequately protecting their network (though it might have also been an inside job).

davidacland
Honored Contributor II

We've got a couple of customers using it. The auditing side has helped them in a few cases where employees have tried to steal company data.

They should really relieve Sony from the homepage though! Well spotted, @CasperSally.

CasperSally
Valued Contributor II

@mm2270 - I get all that, but from a purely PR standpoint, if I were selling any sort of data loss protection, I wouldn't be aligning myself with Sony. At a minimum, there seems little to gain in just having to explain, as you did above, that it likely wasn't their fault.

spotter
New Contributor III

@Kaltsas - I have 2 USB drives (LOK-IT & Kanguru) set as Trusted Devices. I also created 3 different groups, such as CD/DVD Allow, USB Allow, and Allow All. Then, when the user gets the approval, I can add them to the group, which will give them the ability to use that drive, port or whatever. I'm happy with EPP; however, it would be AWESOME if JAMF offered this ability within the JSS....