Netskope Help

Device Classification for Windows

You can classify Windows devices based on these criteria:

  • Criteria match: Checks for All or Any of the criteria selected.

  • Encryption check: Checks for BitLocker drive encryption and/or PGP drive encryption.

  • OPSWAT check: Checks for basic compliance or full compliance.

  • Registry check: Checks for a key under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, with a value of type REG_DWORD or REG_SZ.

  • Process check: Checks for specified processes, like Chrome.exe.

  • File check: Checks for specified files, like file.txt.

  • AD Domain check: Checks for AD domains, like company.local\Group.

  • Certificate check: Checks for the specified certificate on the device.


    The Netskope Client looks for certificates in the User Store. If the certificates are stored in the System Store, export the certificates from the System Store (or Computer Account), and import the certificates to the User Store (or User Account).

    You can use your own certificates or the certificates downloaded from the Netskope UI (refer to Trusted Certificates).

    The certificate file must have a specific structure and be in PEM format. The Intermediate and Root certificates need to be combined into a single PEM file. The order of those two certs in that PEM file must be Intermediate first, and then Root below it.
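
    One way to check the bundle ordering described above before uploading it, as an added PowerShell example that is not Netskope's own tooling. The function name Test-PemBundleOrder and the file name bundle.pem are hypothetical, and the check compares issuer and subject names only; it does not verify signatures.

```powershell
# Added example (not Netskope tooling): check that a PEM bundle holds exactly
# two certificates ordered Intermediate first, then Root.
function Test-PemBundleOrder {
    param([Parameter(Mandatory)][string]$Path)   # e.g. .\bundle.pem (hypothetical)

    $text    = Get-Content -LiteralPath $Path -Raw
    $pattern = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    $blocks  = [regex]::Matches($text, $pattern, 'Singleline')
    if ($blocks.Count -ne 2) {
        throw "Expected 2 certificates (Intermediate, Root); found $($blocks.Count)."
    }

    # Decode each Base64 body to DER and parse it, keeping file order.
    $certs = foreach ($b in $blocks) {
        $der = [Convert]::FromBase64String(($b.Groups[1].Value -replace '\s', ''))
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    }
    $first, $second = $certs

    # Compare the DER-encoded names byte for byte (via their Base64 strings).
    $name = { param($n) [Convert]::ToBase64String($n.RawData) }
    $firstSelfIssued  = (& $name $first.SubjectName)  -ceq (& $name $first.IssuerName)
    $secondSelfIssued = (& $name $second.SubjectName) -ceq (& $name $second.IssuerName)
    $chained          = (& $name $first.IssuerName)   -ceq (& $name $second.SubjectName)

    [pscustomobject]@{
        FirstSubject        = $first.Subject
        SecondSubject       = $second.Subject
        # Intermediate: issuer name equals the second certificate's subject,
        # and the certificate is not self-issued.
        FirstIsIntermediate = $chained -and -not $firstSelfIssued
        # Root: subject and issuer names are identical.
        SecondIsRoot        = $secondSelfIssued
        OrderOk             = $chained -and -not $firstSelfIssued -and $secondSelfIssued
    }
}

# Usage: Test-PemBundleOrder -Path .\bundle.pem
# Name matching only; this does not verify the signature on either certificate.
```

    If OrderOk is False while the two certificates do belong to the same chain, the usual cause is that the Root was placed above the Intermediate in the file.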

After selecting Windows on the New Device Classification dropdown list, follow these steps to classify your Windows device. Select options and enter the requested parameters.

  1. Rule Name: Enter a name for this classification rule.

  2. Classification Criteria: Select an All or Any criteria match.

  3. Encryption: To classify a device based on drive encryption, choose one or both of these options:

    • BitLocker

    • PGP

  4. OPSWAT: To use an OPSWAT check, select Full Compliance or Basic Compliance from the Check Type dropdown list, and then enter the GEARS license key.

  5. Registry: To classify a device when one or more registry keys are found on a device, select an HKEY type from the dropdown list, and then enter the key and value. Next, select the registry type from the dropdown list, and if needed, enter text in the Data field.

  6. Process: To classify a managed device based on the presence of any one or more processes, enter the executable file name.

  7. File check: To classify a device based on the presence of any one or more files, enter the file name.

  8. AD Domain: To classify a device associated with any one or more of the domains listed, enter the domain name.

  9. Certificate: Use this option to look for certificates on the device. If one is found, it is shown on this page. To upload a new certificate, click Select File, and then upload your certificate file.

  10. When finished, click Save.

After creating a device classification rule, you can use it in a Real-time Protection policy.

  1. To use this Device Classification in a Real-time Protection policy, click Policies > Real-time Protection in the Netskope UI. Select an existing policy or click New Policy and choose a policy type.

  2. Proceed through the Users, Cloud Apps + Web, DLP/Threat Protection, and Select Activities sections.

  3. For Additional Attributes, click Access Method and select either Client, Mobile Profile, or Reverse Proxy, and then click Save. Click Device Classification, and then select Managed or Unmanaged, based on the devices you just classified.

    • Managed means the device is managed; the device information sent by the Client matches at least one of the device classification checks configured for that Client's OS.

    • Unmanaged means the device is unmanaged; the device information sent by the Client matches none of the device classification checks configured for that Client's OS.

    When finished, click Save and then Next.

  4. Combine device classification with other policy elements, like using the Block Action for specified applications for activities like uploading files from managed or unmanaged devices. Finish creating or updating this policy to establish this device classification. Click Apply Changes for this policy.

After the policy has been created, perform the process for which the policy was created. Next go to SkopeIT > Application Events and click the magnifying icon for an event to open the Application Event Details panel. In the User section you'll see a Device Classification field, which shows one of these device classifications.