cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

DLP to block mobile device data transfer

Hi,

Would like to seek for assistant on this. We deployed DLP Endpoint version 11.5 to control USB port usage. We defined policies to block any of removable USB storage and just allow to access when any special request.

This is working fine to block USB thumb drive and portable harddisk, and allow USB printer connection with no issue. However we found that iPhone and Android mobile are able to connect via USB and browse content inside the phone, which is a security concern at the moment.

Already enabled  "iPhone Protection Mode" to "Block but allow charge" option under Data Loss Prevention Windows Client Configuration policy, but seems not working. And also there is no option for Android mobile. 

Please advise if any configuration is missing and appreciate to share what option should I take. I would like to allow mobile charging feature for user but block data transfer on mobile.

Thanks.

4 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: DLP to block mobile device data transfer

@Ting_Chung ,

Thank you for writing in here. 

Kindly note that there is no such feature for Android mobiles in the windows client configuration. You can block the Android mobiles mass storage part using the PNP rules.

For Iphone, kindly follow the article below,

https://kc.mcafee.com/corporate/index?page=content&id=KB77769

 

Thank you.

Regards,
Jithendran S
McAfee Employee
Highlighted

Re: DLP to block mobile device data transfer

The devices aren't read as mass storage devices like the were in the past. They're read as Windows Portable devices which is a PnP rule so you're have to set the block there. Be careful with these because there might be other devices in your network that get classified as Windows Portable devices.

Highlighted

Re: DLP to block mobile device data transfer

I added a Plug and Play Device policy rule with condition to any user and Plug and Play options for SmartPhones, USB Plug and Play Devices and Windows Portable Devices, and Reaction is block. However still unable to block the device device like Android. Any further idea for me to look into the issue.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: DLP to block mobile device data transfer

Hi @Ting_Chung ,

You did not get any incidents from DLP after creating and applying this policy and connecting Android mobile device? 

Can you verify if the policy has the ruleset mapped and the policy does not have any pending changes?.

ruleset.PNG

 

Thank you.

Regards,
Jithendran S
McAfee Employee
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community