Would like to seek assistance on this. We deployed DLP Endpoint version 11.5 to control USB port usage. We defined policies to block any removable USB storage and only allow access upon special request.
This is working fine to block USB thumb drives and portable hard disks, and allows USB printer connections with no issue. However, we found that iPhone and Android mobiles are able to connect via USB and browse content inside the phone, which is a security concern at the moment.
Already set "iPhone Protection Mode" to the "Block but allow charge" option under the Data Loss Prevention Windows Client Configuration policy, but it seems not to be working. Also, there is no option for Android mobiles.
Please advise if any configuration is missing; I would appreciate it if you could share what option I should take. I would like to allow the mobile charging feature for users but block data transfer on mobiles.
Hi @Ting_Chung ,
Thank you for writing in here.
Kindly note that there is no such feature for Android mobiles in the Windows client configuration. You can block the Android mobiles' mass storage part using the PnP rules.
For iPhone, kindly follow the article below,
The devices aren't read as mass storage devices like they were in the past. They're read as Windows Portable Devices, which is a PnP rule, so you'll have to set the block there. Be careful with these because there might be other devices in your network that get classified as Windows Portable Devices.
I added a Plug and Play Device policy rule with the condition set to any user, Plug and Play options for SmartPhones, USB Plug and Play Devices and Windows Portable Devices, and the Reaction set to block. However, I am still unable to block devices like Android. Any further ideas for me to look into the issue?
Hi @Ting_Chung ,
You did not get any incidents from DLP after creating and applying this policy and connecting Android mobile device?
Can you verify if the policy has the ruleset mapped and the policy does not have any pending changes?
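
To see how a test endpoint actually classifies a connected phone before scoping the Plug and Play rule discussed in this thread, the following PowerShell is an added example, not posted by any participant and not part of the DLP product. It uses the built-in `Get-PnpDevice` and `Get-PnpDeviceProperty` cmdlets; the MTP/PTP compatible-ID patterns it flags are an assumption about how phones typically enumerate.

```powershell
# Added example (not from the thread). Run on a test endpoint with the phone plugged in.
# Lists present devices that enumerate over USB or sit in the WPD setup class,
# together with the IDs a Plug and Play device rule would have to match.

$devices = Get-PnpDevice -PresentOnly |
    Where-Object { $_.InstanceId -like 'USB\*' -or $_.Class -eq 'WPD' }

$report = foreach ($dev in $devices) {
    $id = $dev.InstanceId
    $hwIds = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_HardwareIds' -ErrorAction SilentlyContinue).Data
    $compatIds = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_CompatibleIds' -ErrorAction SilentlyContinue).Data

    # Assumption: phones commonly expose files over MTP (USB\MS_COMP_MTP)
    # or PTP (USB still-image class 06, subclass 01).
    $isMediaTransfer = [bool](@($compatIds) -match 'MS_COMP_MTP|Class_06&SubClass_01')

    [pscustomobject]@{
        Class         = $dev.Class
        FriendlyName  = $dev.FriendlyName
        InstanceId    = $id
        HardwareIds   = @($hwIds) -join '; '
        CompatibleIds = @($compatIds) -join '; '
        MtpOrPtp      = $isMediaTransfer
    }
}

# Full detail per device: compare Class and IDs with what the PnP rule targets.
$report | Sort-Object Class, FriendlyName | Format-List

# Count per class: shows what else a broad "Windows Portable Devices" block would hit.
$report | Group-Object Class | Select-Object Name, Count | Format-Table -AutoSize
```

Running it once with the phone in charge-only mode and once in file-transfer mode shows whether the device changes class or IDs between the two, which is the difference a block-but-allow-charge rule has to key on.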