Block mobile devices with HDLP

Hi,

I would like to block all mobile devices (Apple, Samsung...) with HDLP only and not USB or other devices. I would like to block everything without putting all the Vendor ID and Device ID for each device, as that is impossible because of the high number of Vendor/Device IDs that exist.

Any help configuring that rule?

HDLP 9.3 patch 2

Best regards,

Jose Maria

7 Replies
SafeBoot
Message 2 of 8

Re: Block mobile devices with HDLP

I don't see how this could be possible - a USB key and a cellphone which supports USB storage are exactly the same as far as the OS is concerned - both are simply Generic USB storage devices. The only difference is the vendor ID etc.

What exactly is your use case? I am confused as to why you'd want to allow USB sticks, but not allow USB storage phones etc?

Apple is a little different as it does not present itself as a generic USB storage device etc, but same question - why is a USB stick ok, but a phone, not?

Re: Block mobile devices with HDLP

Hi,

Well, we have a USB rule that is already blocking USB as expected, but mobile phones are not considered under the USB protection rule, as they are considered plug and play. So what we need is a rule that can block all mobile phones without needing to put every Vendor ID. I have tested a plug and play rule setting up the Vendor ID and it is blocked, but it is impossible to define the Vendor ID for each provider (Apple, Samsung).

Best regards,

Jose Maria

moriega
Message 4 of 8

Re: Block mobile devices with HDLP

Greetings,

The way we were able to get this to work was by creating a Device Definition with the below parameters. When a device is plugged in to the system, in Device Manager you will see it under the Portable Devices category. You may need to create exception definitions (Bluetooth, imaging devices, etc.). You can then select these definitions as excluded to prevent them from being blocked in the rule.

Bus Type: USB

Device Class: Windows Portable Devices (screen shot inserted)

Also, keep in mind you may have some users that will need an exception, so you may need to have two rules, one rule to block and one rule to just monitor. Hope that helps.

DLP Definition.png

vimalnavis
Message 5 of 8

Re: Block mobile devices with HDLP

I would suggest that you enforce the USB + WPD definition in Monitor for a period of time before blocking. Cameras and scanners will match the above definition as well.

Smartphones connect to the OS using the MTP protocol. If your intent is to protect sensitive data from being copied to smartphones, in v9.3 MTP is supported by the Removable Storage Protection rule.

This does not allow you to set the device as Read-Only though.
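
An added example, not part of the original thread and not vendor-supplied code: a PowerShell inventory to run on a Windows endpoint during the monitor phase, listing which devices a "Bus Type: USB" plus "Windows Portable Devices" definition would catch, so that cameras, scanners and other non-phone devices can be given exception definitions before the rule is switched to block. It assumes the DLP device class maps to the Windows `WPD` device setup class; the output columns are this example's own.

```powershell
# Added example. Assumption: the DLP "Windows Portable Devices" class
# corresponds to the Windows "WPD" device setup class.

# Without -PresentOnly, Get-PnpDevice also returns devices that were
# connected in the past, which shows what users have historically plugged in.
$wpd = Get-PnpDevice -Class 'WPD' -ErrorAction SilentlyContinue

$report = foreach ($dev in $wpd) {
    # Keep only USB-bus devices; their instance IDs look like
    # USB\VID_xxxx&PID_xxxx\<serial>. WPD entries that Windows creates for
    # ordinary mass-storage volumes are enumerated elsewhere and are skipped.
    if ($dev.InstanceId -match '^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
        [pscustomobject]@{
            FriendlyName = $dev.FriendlyName
            Manufacturer = $dev.Manufacturer
            VendorId     = $Matches[1]
            ProductId    = $Matches[2]
            Status       = $dev.Status      # 'OK' means currently connected
            InstanceId   = $dev.InstanceId
        }
    }
}

# One line per vendor/product pair, so non-phone hardware stands out
# and can be added to an exclusion definition.
$report |
    Group-Object VendorId, ProductId |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            VendorId     = $first.VendorId
            ProductId    = $first.ProductId
            Manufacturer = $first.Manufacturer
            FriendlyName = $first.FriendlyName
            Instances    = $_.Count
        }
    } |
    Sort-Object VendorId, ProductId |
    Format-Table -AutoSize
```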

Logesh
Message 6 of 8

Re: Block mobile devices with HDLP

Hi,

I am trying to block Android mobile internal storage, but it's not working. I created a policy like:

Bus Type: USB

Device Class: Windows Portable Devices

and smartphone, Windows portability & all Apple devices block; it's not working.

Thanks

Re: Block mobile devices with HDLP

Hi moriega,

I have done a quick test and it works perfectly!! I need to test more deeply, but thank you very much for your big help.

Best regards,

Jose Maria

moriega
Message 8 of 8

Re: Block mobile devices with HDLP

Jose,

You're welcome. Happy to hear that it worked out for you.
