I have a task of blocking all USB based devices in our org. I have created a couple of rules on the host dlp and am able to block most of the USB pen drives. my next headache is smartphones (apple, samsung, htc). I see a lot of users plug in their devices to their computers but i dont see anything on the device monitor.
is there any rule i can create which would log all usb devices which are connected to the pc. i can use this to later start blocking devices based on their device types etc.
thanks for your help.
This thread might help point you in the right direction
The only problem is that by blocking based on USB device strings will produce a long list.Message was edited by: Tristan on 08/08/12 13:09:59 IST
Apple and Blackberry devices are not seen as removable storage devices. Most Android devices are seen as removable storage.
Your best bet is to configure a Plug and Play device rule to monitor USB. This will create the missing device plug events you are missing and allow you to export the information from the event and create enforcement or exception rules as needed.