Obtaining Removable Media Serial Numbers for DLP Endpoint Policies

Problem
Starting with Forcepoint DLP (formerly Websense Triton AP-DATA) version 8.2, Endpoint Devices can be configured with device serial numbers, which narrows the scope of inclusion compared to using wildcards.

In lieu of generating a sample incident from the device and pulling the serial number from the DLP incident information, is there a method to obtain the serial number beforehand?

Solution

To obtain the serial number in an environment with the removable media attached, run the following command in a PowerShell window:

Get-Disk
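
When several disks are attached, the plain Get-Disk output mixes internal and removable drives. The following added example (not part of the original article or of Forcepoint's tooling) narrows the output to USB-attached disks and flags serial values that are blank or shared between attached devices, since such values cannot single out one device in a policy. The function name Get-UsbDiskSerial is hypothetical; Get-Disk and the properties used are from the built-in Windows Storage module.

```powershell
# Added example. Get-UsbDiskSerial is a hypothetical helper name.
function Get-UsbDiskSerial {
    # BusType 'USB' selects removable media attached over USB.
    $usbDisks = @(Get-Disk | Where-Object { $_.BusType -eq 'USB' })

    if ($usbDisks.Count -eq 0) {
        Write-Warning 'No USB-attached disks found. Attach the removable media and run again.'
    }
    else {
        $report = foreach ($disk in $usbDisks) {
            # Trim padding so the value can be copied cleanly.
            $serial = if ($disk.SerialNumber) { $disk.SerialNumber.Trim() } else { '' }
            [pscustomobject]@{
                DiskNumber   = $disk.Number
                FriendlyName = $disk.FriendlyName
                SerialNumber = $serial
                SizeGB       = [math]::Round($disk.Size / 1GB, 1)
                HasSerial    = -not [string]::IsNullOrWhiteSpace($serial)
            }
        }

        # A blank serial cannot identify a device.
        $report | Where-Object { -not $_.HasSerial } | ForEach-Object {
            Write-Warning "Disk $($_.DiskNumber) ($($_.FriendlyName)) reports no serial number."
        }

        # A serial shared by several attached devices cannot tell them apart.
        $report | Where-Object { $_.HasSerial } |
            Group-Object -Property SerialNumber |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                Write-Warning "Serial '$($_.Name)' is reported by $($_.Count) attached disks."
            }

        $report
    }
}

Get-UsbDiskSerial | Format-Table -AutoSize
```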


From an Endpoint detection standpoint, an API call is made on both Mac and Windows operating systems rather than a direct query of Device Manager. The DLP report lists this value from the incident information it receives.

Please note that Mac machines did not support the use of serial numbers for identification until Forcepoint One build 19.10.

Note: The following article describes a similar procedure for Mac environments:
Determining serial numbers within Endpoint Devices for macOS DLP policies