
Block mobile devices with HDLP


Hi,

I would like to block all mobile devices (Apple, Samsung...) with HDLP only, and not USB or other devices. I would like to block everything without putting in all the Vendor IDs and Device IDs for each device, as that is impossible because of the high number of Vendor/Device IDs that exist.

Any help configuring that rule?

HDLP 9.3 patch 2

Best regards,

Jose Maria

1 Solution

Accepted Solutions
moriega
Level 10
Message 4 of 7

Re: Block mobile devices with HDLP


Greetings,

The way we were able to get this to work was by creating a Device Definition with the below parameters. When a device is plugged in to the system, in Device Manager you will see it under the Portable Devices category. You may need to create exception definitions (Bluetooth, imaging devices, etc.). You can then select these definitions as excluded to prevent them from being blocked in the rule.

Bus Type: USB

Device Class: Windows Portable Devices (screen shot inserted)

Also, keep in mind you may have some users that will need an exception, so you may need to have two rules, one rule to block and one rule to just monitor. Hope that helps.

DLP Definition.png

6 Replies
SafeBoot
Reliable Contributor
Message 2 of 7

Re: Block mobile devices with HDLP


I don't see how this could be possible - a USB key and a cellphone which supports USB storage are exactly the same as far as the OS is concerned - both are simply Generic USB storage devices. The only difference is the vendor ID etc.

What exactly is your use case? I am confused as to why you'd want to allow USB sticks, but not allow USB storage phones etc?

Apple is a little different as it does not present itself as a generic USB storage device etc, but same question - why is a USB stick ok, but a phone, not?

Re: Block mobile devices with HDLP



Hi,

Well, we have a USB rule that is already blocking USB as expected, but mobile phones are not considered under the USB protection rule as they are considered plug and play. So what we need is a rule that can block all mobile phones without needing to put in every Vendor ID. I have tested a plug and play rule setting up the Vendor ID and it is blocked, but it is impossible to define the Vendor ID for each provider (Apple, Samsung).

Best regards,

Jose Maria


Re: Block mobile devices with HDLP


I would suggest that you enforce the USB + WPD definition in Monitor for a period of time before blocking. Cameras and scanners will match the above definition as well.

Smart phones connect to the OS using the MTP protocol. If your intent is to protect sensitive data from being copied to smart phones, in v9.3 MTP is supported by the Removable Storage Protection rule.

This does not allow you to set the device as Read-Only though.
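
As an added example (not part of the thread, and not McAfee's or any poster's code), the PowerShell below inventories devices in the Windows Portable Devices setup class that are enumerated over USB, the kind of list a monitoring period is meant to surface before exceptions are defined. It assumes the `WPD` class name and the `USB\VID_xxxx&PID_xxxx` instance-ID format that `Get-PnpDevice` reports on Windows; the function name and sample devices are constructed, and how HDLP itself matches its device definition may differ.

```powershell
# Added example: list devices that are in the WPD (Windows Portable Devices)
# setup class AND enumerated on the USB bus, with vendor/product IDs parsed out
# so exception definitions (cameras, scanners, approved phones) can be planned.
function Get-UsbWpdInventory {
    param(
        # Objects exposing Class, InstanceId and FriendlyName, the properties
        # returned by Get-PnpDevice.
        [Parameter(Mandatory)] [object[]] $Device
    )
    foreach ($d in $Device) {
        # Skip anything outside the WPD class or not enumerated by the USB bus.
        if ($d.Class -ne 'WPD' -or $d.InstanceId -notlike 'USB\*') { continue }

        $vendorId = $null; $productId = $null
        if ($d.InstanceId -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
            $vendorId  = $Matches[1].ToUpper()
            $productId = $Matches[2].ToUpper()
        }
        [pscustomobject]@{
            FriendlyName = $d.FriendlyName
            VendorId     = $vendorId
            ProductId    = $productId
            InstanceId   = $d.InstanceId
        }
    }
}

# Constructed sample data (not real devices) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Class = 'WPD'; FriendlyName = 'Example Phone (MTP)'
                       InstanceId = 'USB\VID_1111&PID_2222\CONSTRUCTED01' }
    [pscustomobject]@{ Class = 'WPD'; FriendlyName = 'Example Camera'
                       InstanceId = 'USB\VID_3333&PID_4444&MI_00\CONSTRUCTED02' }
    [pscustomobject]@{ Class = 'WPD'; FriendlyName = 'Example storage volume'
                       InstanceId = 'SWD\WPDBUSENUM\CONSTRUCTED03' }
    [pscustomobject]@{ Class = 'Bluetooth'; FriendlyName = 'Example Bluetooth radio'
                       InstanceId = 'USB\VID_5555&PID_6666\CONSTRUCTED04' }
)

# Only the phone and the camera pass both filters.
Get-UsbWpdInventory -Device $sample | Format-Table -AutoSize

# On a live endpoint, feed it the devices currently present:
#   Get-UsbWpdInventory -Device (Get-PnpDevice -Class WPD -PresentOnly)
```

The camera row in the sample output shows why non-phone devices need exception definitions before the rule is switched from monitor to block.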

Re: Block mobile devices with HDLP


Hi moriega,

I have done a quick test and it works perfectly!! I need to test more deeply, but thank you very much for your big help.

Best regards,

Jose Maria

moriega
Level 10
Message 7 of 7

Re: Block mobile devices with HDLP


Jose,

You're welcome. Happy to hear that it worked out for you.
