cancel
Showing results for 
Search instead for 
Did you mean: 

HDLP Monitoring

Hi Guys,

I have a task of blocking all USB based devices in our org. I have created a couple of rules on the host dlp and am able to block most of the USB pen drives. my next headache is smartphones (apple, samsung, htc). I see a lot of users plug in their devices to their computers but i dont see anything on the device monitor.

is there any rule i can create which would log all usb devices which are connected to the pc. i can use this to later start blocking devices based on their device types etc.

thanks for your help.

Nishant.

3 Replies
Tristan
Level 15
Report Inappropriate Content
Message 2 of 4

Re: HDLP Monitoring

This thread might help point you in the right direction

https://community.mcafee.com/message/242995#242995

https://community.mcafee.com/message/232931#232931

The only problem is that by blocking based on USB device strings will produce a long list.

Message was edited by: Tristan on 08/08/12 13:09:59 IST

Re: HDLP Monitoring

Thanks Tristan. ill have a look at that.

tonyw
Level 12
Report Inappropriate Content
Message 4 of 4

Re: HDLP Monitoring

Apple and Blackberry devices are not seen as removable storage devices.  Most Android devices are seen as removable storage. 

Your best bet is to configure a Plug and Play device rule to monitor USB.  This will create the missing device plug events you are missing and allow you to export the information from the event and create enforcement or exception rules as needed.