
DLP USB mass storage block

Hi All,

I'm having some trouble configuring mass storage and removable USB drive blocking.

I've got DLP installed on my EPO.

I then deployed the DLP agent to my test laptop.

Then created 2 device definitions.

One to block plug and play USB devices and another to block removable mass storage.

I've then created 2 device rules and included the device definitions into my 2 rules.

I've applied the rules which then kicks a process off that checks the rules. The rules passed the test.

I then ran the policy check on my test laptop, which goes away and checks for updates.

I then tested by connecting a USB flash drive to my laptop, but it did not block the flash drive and I could browse the files on the drive.

I used this document as a reference guide to perform these tasks:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24536/en_US/...

Any help in diagnosing my issue would be much appreciated.

Thanks

Sohail

1 Solution

Accepted Solutions

Re: DLP USB mass storage block

Hi,

To block phones, please use the following definition:

phones.png

And create a plug and play rule to block the definition. It worked for me.

Best regards,

Jose Maria

9 Replies

Re: DLP USB mass storage block

Hi all,

I've now successfully managed to block USB flash drives.

I had not applied the correct user group to the rule.

I still cannot block mobile phone mass storage like iPhones and other Android-based phones.

Does anybody have any ideas?

Thanks

Sohail

bphang
Message 3 of 10

Re: DLP USB mass storage block

If somehow your company policy changes and allows MTP devices to be read only, you can achieve that by setting the GPO to set Windows Portable Device as read only.

HTH

-bob

Re: DLP USB mass storage block


Hi bphang,

I tried GPO with a test Windows 7 laptop and could not get it to work, but thanks for the suggestion.

Sohail

bphang
Message 5 of 10

Re: DLP USB mass storage block

wpd.JPG

Had no issue with mine.

Re: DLP USB mass storage block


That's interesting.

I had it configured as below.

USB Block GPO.JPG

When I first started looking at configuring this, most of the internet posts referred to configuring it as I have in my screenshot.

I did not come across any posts mentioning WPD devices.

I will have a go with this some time soon when I have free time.

Thanks bphang.

Sohail.

Re: DLP USB mass storage block

Thanks for the reply Jose.

I tried this again yesterday and managed to get it working.

Thanks Again

Sohail

rphalen
Message 9 of 10

Re: DLP USB mass storage block

I have found a helpful website that lists practically all VID/PID info for manufacturers. If the "Windows Portable Device" does not block a certain phone manufacturer, you can always block using a VID - Vendor ID or PID - Product ID by creating a new PnP Device Definition. The updates to newer VID/PIDs on this site are pretty frequent.

http://www.linux-usb.org/usb.ids

In order to create a PnP rule to block by PID/VID, you can follow the product guide located in the link below.

https://kc.mcafee.com/agent/index?page=content&id=PD24536&actp=null&viewlocale=en_US&showDraft=false...

I hope this helps.

rphalen
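
Added example (not part of rphalen's post or the McAfee product guide): a small Python parser for the `usb.ids` layout that lists the VID/PID pairs for a vendor, so they can be entered in a PnP device definition. The embedded excerpt is constructed for illustration and the function names are hypothetical; load the real file from the URL above for actual values.

```python
import re

# Constructed excerpt in the usb.ids layout: vendor lines start at column 0,
# device lines are indented by one tab, interface lines by two tabs.
SAMPLE_USB_IDS = """\
# List of USB ID's (constructed excerpt)
05ac  Apple, Inc.
\t12a8  iPhone 5/5C/5S/6/SE
04e8  Samsung Electronics Co., Ltd
\t6860  Galaxy A5 (MTP)
\t\t01  constructed interface line
18d1  Google Inc.
\t4ee1  Nexus/Pixel Device (MTP)
C 08  Mass Storage
\t06  SCSI
"""

VENDOR_RE = re.compile(r"^([0-9a-fA-F]{4})\s+(.+)$")
DEVICE_RE = re.compile(r"^\t([0-9a-fA-F]{4})\s+(.+)$")

def parse_usb_ids(text):
    """Return {vid: {"name": str, "devices": {pid: name}}} from usb.ids text."""
    vendors, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line.startswith("\t\t"):
            continue  # blanks, comments and interface-level lines
        dev, ven = DEVICE_RE.match(line), VENDOR_RE.match(line)
        if dev and current:
            vendors[current]["devices"][dev.group(1).upper()] = dev.group(2).strip()
        elif ven:
            current = ven.group(1).upper()
            vendors[current] = {"name": ven.group(2).strip(), "devices": {}}
        elif not line.startswith("\t"):
            current = None  # class/other sections ("C 08 ...") end the vendor list
    return vendors

def find_ids(vendors, vendor_term, device_term=""):
    """List (VID, PID, vendor, device) rows whose names contain the search terms."""
    return [(vid, pid, v["name"], name)
            for vid, v in sorted(vendors.items())
            if vendor_term.lower() in v["name"].lower()
            for pid, name in sorted(v["devices"].items())
            if device_term.lower() in name.lower()]

def hardware_id(vid, pid):
    """Format a pair the way Windows shows USB hardware IDs in Device Manager."""
    return rf"USB\VID_{vid}&PID_{pid}"

if __name__ == "__main__":
    for vid, pid, vendor, device in find_ids(parse_usb_ids(SAMPLE_USB_IDS), "samsung"):
        print(hardware_id(vid, pid), vendor, device, sep=" | ")
```

Comparing the printed hardware ID with the one Device Manager shows for the connected phone confirms that the definition targets the right device before the rule is deployed.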

Re: DLP USB mass storage block

This is a great find, rphalen, and will be really helpful both to myself and other users.

Thanks Pal.

Sohail
