cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 7

DLPe: PnP device rule issue

Jump to solution

Hi Guys,

I defined a PnP device rule to block smart phones, and use the built-in device template "Windows portable devices". but when i plug a generic USB flash disk, it seems triggering this PnP device rule, says a MTP device was blocked.

 

I opened Windows device manager, seems the USB is recognized as one MTP device and one normal disk and that's why the MTP part of the USB device got blocked.

 

I know it won't affect the use(read/write) of the USB, but i wonder if everything is working by design? does all the USB flash disk has a MTP device class type? btw i'm using Kingston DataTraveler 3.0 for the testing.

 

Thanks in advance!

1 Solution

Accepted Solutions
DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: DLPe: PnP device rule issue

Jump to solution

I need to test it and may take some time. Not sure, but seems that there are some details in the below KB82966.

 

View solution in original post

6 Replies
DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: DLPe: PnP device rule issue

Jump to solution

It may not be an expected behavior. It depends on Windows on how to recognize the device. Could you please share screenshots of Incident details, rule configured and Device Manager(when device is connected).

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 7

Re: DLPe: PnP device rule issue

Jump to solution

Hi ,

Below is the data you requested:

11.png12.png13.png

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 7

Re: DLPe: PnP device rule issue

Jump to solution

to add, i tested on both Windows7 and Windows10 1809, same behavior.

DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: DLPe: PnP device rule issue

Jump to solution

I need to test it and may take some time. Not sure, but seems that there are some details in the below KB82966.

 

View solution in original post

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 7

Re: DLPe: PnP device rule issue

Jump to solution

looking forward to your test result and thanks for the KB.

btw now i'm able to block smart phones without blocking my USB(MTP part). i created a device template like this:

Snipaste_2019-07-11_21-55-38.png

do you think it's good to apply to production environments? - if you have better idea please ignore what i say above... thanks.

DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: DLPe: PnP device rule issue

Jump to solution

It looks good. Make sure to apply it first few machines and monitor it for few days before rolling out to larger deployment.

I would suggest to review some of the in-built rulesets under DLP Policy Manager for more details.

You can access these rulesets by enabling the option->Show built-in rule sets samples under DLP Policy Manager.

 

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community