Attack surface reduction
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 90%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sam Molyneux
0
Reputation points
Hello
I've set up a new attack surface reduction policy to allow external devices such as USB storage, CD drives and memory card readers. The USB storage has mostly been working apart from a couple here and there, my main concern is the SD card readers.
The HardwareId and Device instance path have been entered into the reusable settings for the memory card readers themselves, however the memory cards when entered do not show in file explorer. When checking device manager the memory card reader will show but the actual memory cards will not. Do I need to somehow get the data from the memory cards to whitelist them separately? As far as I can see there is no way to do this as only the readers show in device manager.
I've attached some screenshots of the memory card showing in storage > Disks and Volume and Device manager.
Microsoft Security | Intune | Security
Sign in to answer