Microsoft Defender for Endpoint device control for PathCam – healthcare IT guide

Summary – how to enable camera acquisition with least privilege on Windows endpoints secured by Microsoft Defender for Endpoint. Uses guidance text, no screenshots.

What typically breaks

  • USB device control or removable storage policies block MTP or storage interfaces the camera exposes.

  • Controlled folder access or ASR rules deny PathCam writes to working directories.

  • Another application already holds the camera handle, so PathCam cannot open the device.

Minimal viable allow strategy

  • Device control – allow by hardware IDs when justified.

    • Find VID and PID: Device Manager -> View -> Devices by connection -> camera -> Properties -> Details -> Hardware Ids.

    • Prefer allow rules scoped to a PathCam host group, not global.

  • Controlled folder access – allow PathCam executables and working folder.

    • Windows Security -> Virus and threat protection -> Ransomware protection -> Allow an app -> add PathCam app binaries and working directory.

  • ASR and Defender exclusions – use only when necessary, scoped to the PathCam host group, reviewed and time-boxed.

How to verify on Windows

  • Settings -> Bluetooth and devices -> Devices lists Canon EOS.

  • Device Manager -> Portable Devices shows Canon device.

  • PathCam can acquire the camera and write to the working folder or approved network share.
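The following PowerShell script is an added example, not part of the original guide, that collects the evidence the allow strategy and verification steps above call for: the camera's hardware IDs, the current controlled folder access and ASR state, and any recent Defender block or audit events naming PathCam. The PathCam binary path, working folder and the "Canon" friendly-name match are assumptions to adjust per site; the script changes no policy.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell
# on the affected endpoint. Read-only: it reports state, it changes nothing.
$PathCamExe    = 'C:\Program Files\PathCam\PathCam.exe'   # placeholder path
$WorkingFolder = 'D:\PathCam\Working'                     # placeholder path

# 1. Hardware IDs of the camera (the VID/PID values device control rules key on).
#    Assumes the device friendly name contains 'Canon'; adjust the filter if not.
Get-PnpDevice -PresentOnly |
    Where-Object { $_.FriendlyName -like '*Canon*' } |
    ForEach-Object {
        $ids = (Get-PnpDeviceProperty -InstanceId $_.InstanceId `
                -KeyName 'DEVPKEY_Device_HardwareIds').Data
        [pscustomobject]@{
            Class       = $_.Class        # e.g. WPD (Portable Devices) or Image
            Status      = $_.Status       # OK, Error, Unknown
            InstanceId  = $_.InstanceId
            HardwareIds = ($ids -join '; ')
        }
    } | Format-List

# 2. Controlled folder access: mode (0=off, 1=block, 2=audit) and whether
#    PathCam is already on the allow list. Note: default user folders such as
#    Documents are protected even if ProtectedFolders below is empty.
$pref = Get-MpPreference
"Controlled folder access mode: $($pref.EnableControlledFolderAccess)"
$allowedApps = @($pref.ControlledFolderAccessAllowedApplications)
"PathCam allowed by CFA: " + ($allowedApps -contains $PathCamExe)
$protected = @($pref.ControlledFolderAccessProtectedFolders)
"Working folder explicitly protected: " + ($protected -contains $WorkingFolder)

# 3. Configured ASR rules and their actions (0=off, 1=block, 2=audit, 6=warn).
$ruleIds = @($pref.AttackSurfaceReductionRules_Ids)
for ($i = 0; $i -lt $ruleIds.Count; $i++) {
    '{0} -> {1}' -f $ruleIds[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}

# 4. Defender events from the last 24 hours that mention PathCam:
#    1121/1122 = ASR rule blocked/audited, 1123/1124 = CFA blocked/audited.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122, 1123, 1124
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'PathCam' } |
    Select-Object TimeCreated, Id, Message | Format-List
```

Capture the output before and after the policy change so the validation step in change control has a record to compare against.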

Change control notes

  • Scope the change to the PathCam host group.

    • Record the owner and the review date.

    • Define the rollback procedure before deploying.

    • Validate camera acquisition after the change.

[Optional areas for screenshots: Device Manager Hardware Ids, Controlled folder access allow dialog, Defender policy view.]