Reducing administrator burden when new serial port devices need to be allowed in an environment

What is a one sentence summary of your feature request?

Better management of Serial Port devices

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

In my environment we use Intel AMT/vPro, and this creates a serial port device on each computer. These get blocked by EPP, and I’m having to manually allow for each one. Looking to have some kind of automatic solution to simplify the management.

They are always named Intel(R) Active Management Technology - SOL (COM3) with a description of Intel(R) Active Management Technology - SOL (COM3)/Intel, and there is no associated VID/PID; all of the info goes into the serial number field and looks like this:

COM_PCI_VEN_8086_DEV_51E3_SUBSYS_0B121028_REV_01_3_11583659_1_B3_6RW87HOB140917E5O4FVS73O8

The first part COM_PCI_VEN_8086_DEV_ is always the same, but the DEV ID can be different depending on the hardware model and the revisions/actual serial numbers are always different. Here are a few more for reference:

COM_PCI_VEN_8086_DEV_51E3_SUBSYS_0B1A1028_REV_01_3_11583659_0_B3_6RXBQXF9TKKAX2V7V7P1WN7NZ

COM_PCI_VEN_8086_DEV_7E73_SUBSYS_0CC21028_REV_20_3_11583659_0_B3_6RYM59XROX5KFIW1PL1EJO8FF

COM_PCI_VEN_8086_DEV_9DE3_SUBSYS_08E01028_REV_30_3_11583659_0_B3_1VQY3JAWFH8SLHYO4K7BNUCL4P

I have a similar use case for ACPI devices on Windows 365 that get blocked that I’m having to manually allow at the moment.

Always named Communications Port (COM2) with a description of Communications Port (COM2)/(Standard port types) and no VID/PID at all; everything goes into the Serial Number field and looks like this:

COM_ACPI_PNP0501_2_1VR4PTYF2P22J10XO3EUPI59C9
COM_ACPI_PNP0501_2_1VREFOOT7H1HILWS87U0C88A2N
COM_ACPI_PNP0501_2_OE0ZZHKMBCE7TWC21P0YKUQ7
COM_ACPI_PNP0501_2_OE18AKDWQRV43YZHFZS9RYUG

How do you currently solve the challenges you have by not having this feature?

Created custom classes and set them to allow access, and then add the devices into the custom class one by one as they get discovered.


Hello Britt,

Thank you for submitting your idea!

We appreciate your input and would like to take some time to evaluate the technical feasibility and assess it further with our internal team. Rest assured, we will get back to you with an update as soon as possible.

We appreciate your patience and understanding in the meantime.

Kind Regards,
Simona


Hi Britt,

We fully understand that adding device exceptions one by one is not a practical or scalable approach for your environment. Therefore, after carefully reviewing the technical possibilities, we’re happy to share that we’ve decided to enhance the Serial Number Range functionality. The identified enhancement would be to define wildcards in the Device Serial Number Range field to simplify configuration of device-specific rights. This approach will address the challenge you’ve highlighted here.

Our team is currently investigating this, and we’ll be sharing updates on the expected timeline as we progress towards it. In the meantime, we recommend continuing with the workaround you’ve already identified, or alternatively, using the option to whitelist the Serial Port device within Device Control for smoother handling.

We appreciate your patience and valuable input, and we’ll be sure to keep you informed as progress is made.

Kind Regards,
Simona

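An added example, not part of the thread and not the vendor's code: a sketch of how the serial-number strings quoted above can be parsed and allowed by hardware ID rather than by a broad prefix wildcard. The `*` wildcard syntax, the function names and the allow lists are assumptions for illustration; the proposed Serial Number Range wildcard feature may behave differently.

```python
import fnmatch
import re

# Structure of the serial-number strings quoted in the thread.
PCI_RE = re.compile(
    r"COM_PCI_VEN_(?P<ven>[0-9A-F]{4})_DEV_(?P<dev>[0-9A-F]{4})"
    r"_SUBSYS_(?P<subsys>[0-9A-F]{8})_REV_(?P<rev>[0-9A-F]{2})_(?P<instance>[0-9A-Z_]+)"
)
ACPI_RE = re.compile(r"COM_ACPI_(?P<hid>PNP[0-9A-F]{4})_(?P<uid>\d+)_(?P<instance>[0-9A-Z]+)")

# Assumed policy: trust only the hardware IDs that appear in the thread.
ALLOWED_PCI = {("8086", "51E3"), ("8086", "7E73"), ("8086", "9DE3")}
ALLOWED_ACPI = {"PNP0501"}


def classify(serial):
    """Return (decision, reason) for one Serial Number field value."""
    m = PCI_RE.fullmatch(serial)
    if m:
        key = (m["ven"], m["dev"])
        if key in ALLOWED_PCI:
            return "allow", "PCI VEN_%s DEV_%s" % key
        return "block", "PCI device ID not in allow list: VEN_%s DEV_%s" % key
    m = ACPI_RE.fullmatch(serial)
    if m:
        if m["hid"] in ALLOWED_ACPI:
            return "allow", "ACPI " + m["hid"]
        return "block", "ACPI hardware ID not in allow list: " + m["hid"]
    # Anything that does not parse completely stays blocked.
    return "block", "unrecognised serial format"


def broad_wildcard_allows(serial, pattern="COM_PCI_VEN_8086_DEV_*"):
    """What a prefix-only wildcard (assumed '*' syntax) would let through."""
    return fnmatch.fnmatchcase(serial, pattern)


# Two values copied from the thread, plus one constructed value with a
# device ID that does not appear in the thread.
FROM_THREAD_PCI = "COM_PCI_VEN_8086_DEV_51E3_SUBSYS_0B121028_REV_01_3_11583659_1_B3_6RW87HOB140917E5O4FVS73O8"
FROM_THREAD_ACPI = "COM_ACPI_PNP0501_2_1VR4PTYF2P22J10XO3EUPI59C9"
CONSTRUCTED_OTHER = "COM_PCI_VEN_8086_DEV_FFFF_SUBSYS_00000000_REV_00_3_0_0_B3_CONSTRUCTED"

if __name__ == "__main__":
    for s in (FROM_THREAD_PCI, FROM_THREAD_ACPI, CONSTRUCTED_OTHER):
        print(classify(s), "| broad wildcard allows:", broad_wildcard_allows(s))
```

The constructed value is blocked by the per-device-ID check but would pass a `COM_PCI_VEN_8086_DEV_*` rule, which is the reason to scope any wildcard to the specific DEV IDs in the fleet.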