Dhatheway85
Level 7

HDLP Device Control (iPhones and IPODs)

I want to block the use of iPhones and iPods with device control feature of HDLP.  Currently I have a device definition setup to include all bus types of USB, but it does not register or log when I connect an iPhone via USB to a system with HDLP installed.  Can anyone please help me with this issue?

ePO 4.5

VSE 8.5

HIPS 7.0 patch 6

MA 4.0 patch 3

HDLP 3.0

29 Replies
CIPHENT.com
Level 11

Re: HDLP Device Control (iPhones and IPODs)

Create a device def with - bus type: USB, file system: exFAT, FAT 16, FAT 32, NTFS, and USB VID/PID for Apple iPhone & iPod. Also check if it's applied to the user group or not...

- AB

0 Kudos
epository
Level 10

Re: HDLP Device Control (iPhones and IPODs)

Strongly recommend reading this blog

http://community.mcafee.com/community/business/data/blog/2010/05/10/practical-solutions-for-securing...

and then watching the YouTube videos, they are very informative (Hint: keepvid.com)

McAfee has a huge library on YouTube which apparently they don't bother to tell customers about.

If you can get a few iPods and iPhones to plug into machines, you should be able to pull the VIDs and PIDs needed to block out of the setupapi.log.

Then it's a matter of creating rules and definitions and all the usual.  The videos are pretty good at explaining stuff that is VERY POORLY covered in the DLP manual.

SafeBoot
Level 21

Re: HDLP Device Control (iPhones and IPODs)

iPhones don't present themselves as USB storage, so they won't get controlled under the standard USB rules - you can't copy files to an iPhone, you can only sync content via iTunes. You'll need to use a device id based rule to block them.

0 Kudos
MJT
Level 7

Re: HDLP Device Control (iPhones and IPODs)

Not trying to start a fight but for people new to HDLP and watching these forums, I would like to point out there are other methods other than iTunes for copying files to iPhones/iPods. Of course these methods are not supported by Apple but it is not hard to figure out how to do.

I just want to make sure people know that the data loss risk is still as big of a threat for those connecting iPhones/iPods as it is for USB drives.

0 Kudos
CIPHENT.com
Level 11

Re: HDLP Device Control (iPhones and IPODs)

Block by creating a USB file system rule with iPhone, iPod PID/VID. That works for me and sure will work for you =)

Definitions:

Bus type USB

File system type: NTFS, FAT etc

PID/VID: .....

- Amiya

0 Kudos

Re: HDLP Device Control (iPhones and IPODs)

We block Apple products by the Imaging Devices class. Then just create whatever other exceptions are needed on a VID/PID level (such as Fuji Cameras for Department X, Xerox Scanners for User Y).

Initially we had tried to block by each Product ID. But we realized that this would become increasingly more difficult to manage and possibly slow to react to new Apple devices that are released. Most recently we'd discovered that iPads and the new iPhone 4 were getting through. And iTouches were the same way. Classic iPods were being blocked by our Mass Storage rule.

We are on v9 agent. Just thought this may help.

0 Kudos
hemantk
Level 12

Re: HDLP Device Control (iPhones and IPODs)

Hello SafeBoot,

"you can't copy files to an iPhone, you can only sync content via iTunes. You'll need to use a device id based rule to block them."

I have tried copying data to folders on iPhone using ifunbox and it got copied. As per DLP product guide page no. 101 "The handler works with all data transfers made by Windows Explorer. It does not work with iOS devices, which use iTunes to manage the data transfers. One alternative strategy with iOS devices is to use a removable storage device rule to set the devices to read-only."

Please let me know how to control data transfer on iOS devices?

And also let me know what are the available controls of McAfee HDLP on iOS devices?

0 Kudos
DLarson
Level 12

Re: HDLP Device Control (iPhones and IPODs)

Using the product ID and vendor ID is the best way to go. I just plugged in my iPhone 4 and used USBview (a free utility from Microsoft) to get the product ID and vendor ID.

PID: 1297

VID: 05AC

You can get USBview here: http://www.ftdichip.com/Support/Utilities/usbview.zip

cdobol
Level 10

Re: HDLP Device Control (iPhones and IPODs)

Speaking of these types of devices... Does anyone have experience with Xoom tablets?   They show up as Portable Devices and have a different Product ID when in USB debug mode.  Also they will let you copy data to them via Explorer.   I assume the best way to block these devices is by VID/PID... or a combination of VID and Product Name?

Any other interesting devices like this out there?

Device Class GUID:   EEC5AD98-8080-425F-922A-DABF3DE3F69A

Device Class Name:   Portable Devices

Device Name:   Xoom

Device Compatible ID:   USB\MS_COMP_MTP&MS_SUBCOMP_00

Device Instance ID:   USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000

Bus Type:   USB

Vendor ID:   22B8

Product ID:   70A9

Device Class GUID:   EEC5AD98-8080-425F-922A-DABF3DE3F69A

Device Class Name:   Portable Devices

Device Name:   Xoom

Device Compatible ID:   USB\MS_COMP_MTP

Device Instance ID:   USB\VID_22B8&PID_70A8\17006144433FA1D7

Bus Type:   USB

Vendor ID:   22B8

Product ID:   70A8
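
An added example, not part of any post in this thread: a Python sketch that pulls VID/PID pairs out of text containing USB device instance IDs (setupapi.log lines, USBview output, or listings like the one above) and reports which observed devices a set of device-definition rules would miss. The log lines are constructed around the IDs quoted in the thread, the iPhone serial is a placeholder, and the `(vid, pid)` rule model is a hypothetical stand-in, not McAfee DLP syntax.

```python
import re
from collections import defaultdict

# Matches IDs such as USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000
USB_ID = re.compile(
    r"USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&REV_[0-9A-F]{4})?"                 # optional revision field
    r"(?:&MI_(?P<mi>[0-9A-F]{2}))?"          # interface number on composite devices
    r"(?:\\(?P<instance>[^\s\"'\]\)]+))?",   # serial number or generated instance part
    re.IGNORECASE,
)

# Constructed sample lines; the IDs are the ones quoted in the thread.
SAMPLE = r"""
[constructed] Device install: USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000
[constructed] Device install: USB\VID_22B8&PID_70A8\17006144433FA1D7
[constructed] Device install: USB\VID_05AC&PID_1297\PLACEHOLDERSERIAL0001
"""

def extract_usb_ids(text):
    """Return one record per USB ID found anywhere in the text."""
    return [{
        "vid": m.group("vid").upper(),
        "pid": m.group("pid").upper(),
        "interface": m.group("mi"),
        "instance": m.group("instance"),
    } for m in USB_ID.finditer(text)]

def pids_by_vendor(records):
    """Group observed product IDs under each vendor ID."""
    grouped = defaultdict(set)
    for r in records:
        grouped[r["vid"]].add(r["pid"])
    return {vid: sorted(pids) for vid, pids in grouped.items()}

def uncovered(records, rules):
    """rules: set of (vid, pid); pid=None means any product of that vendor."""
    return sorted({(r["vid"], r["pid"]) for r in records
                   if (r["vid"], r["pid"]) not in rules
                   and (r["vid"], None) not in rules})

if __name__ == "__main__":
    seen = extract_usb_ids(SAMPLE)
    print(pids_by_vendor(seen))
    # A PID-specific rule set misses the Xoom's debug-mode product ID.
    print(uncovered(seen, {("05AC", "1297"), ("22B8", "70A8")}))
```

Running it against collected logs from test machines shows where per-product rules leave gaps, such as the second Product ID the Xoom presents in USB debug mode.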