We just started enforcing the blocking of removable media in ePO. We created a USB rule filled with definitions to allow particular USB external hard drives on the network by serial number, and to block the rest. It blocks iPods just fine, old and new iPods (with the exception of the Touch), as they are shown as removable storage devices.
Now here's the problem. iPod Touches and iPhones are still able to be plugged in to the network. I notice that they show up as Cameras/Scanners on Windows machines. I'm looking for a way to block these. And if I make a new rule with a definition, will it be a Plug N Play Rule/Definition or a USB Removable Rule/Definition? Thanks for the help!
On a side question, is there a way we can block devices by manufacturer, such as Apple devices in general? Or are Product IDs still required?
With a bit of plagiarism for the enemy
Create a new plug and play definition specifying vendor ID "05ac" (Apple's vendor ID) and build your block rule based on that.
No idea if it works, as I don't have any Apple devices to test with. Also, I was able to create the definition in my DLP 9.2 on ePO 4.6; hopefully it's the same in yours.
I use plug and play definition using the 05AC as the vendor ID for the definition. The iPhones do not register as removable storage, so if you create as that type you will not block them. One note however: The rule blocks everything, so your device will not show up as "Apple iPhone" in the logs as it blocks at the root hub of the device.
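A simplified model of the point made in the post above, as an added example that is not part of the original thread and not McAfee's rule engine: a removable-storage rule only sees devices that present themselves as disks, while a plug-and-play rule keyed on the vendor ID matches whatever class the device reports. The device IDs, serials, class labels and function names are constructed for illustration; only the vendor ID 05AC comes from the thread.

```python
import re

# USB device instance ID: USB\VID_xxxx&PID_xxxx[&MI_nn]\<serial or instance>
_ID = re.compile(r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})(?:&[^\\]*)?(?:\\(.*))?$", re.I)

def parse_instance_id(instance_id):
    """Return vid/pid/serial (hex upper-cased), or None if not a USB ID."""
    m = _ID.match(instance_id.strip())
    if not m:
        return None
    vid, pid, serial = m.groups()
    return {"vid": vid.upper(), "pid": pid.upper(), "serial": serial or ""}

def storage_rule(dev, dev_class, allowed_serials):
    """Simplified removable-storage rule: allowlist by serial, disk class only."""
    if dev_class != "DiskDrive":
        return "not evaluated"   # device never presented itself as storage
    return "allow" if dev["serial"] in allowed_serials else "block"

def pnp_vendor_rule(dev, blocked_vids):
    """Simplified plug-and-play rule: block by vendor ID, whatever the class."""
    return "block" if dev["vid"] in {v.upper() for v in blocked_vids} else "allow"

def decide(instance_id, dev_class, allowed_serials, blocked_vids):
    """Return (storage rule verdict, PnP rule verdict) for one device."""
    dev = parse_instance_id(instance_id)
    if dev is None:
        return ("unparsed", "unparsed")
    return (storage_rule(dev, dev_class, allowed_serials),
            pnp_vendor_rule(dev, blocked_vids))

# Constructed sample inventory (IDs, serials and classes are made up).
SAMPLE = [
    (r"USB\VID_1111&PID_2222\APPROVED-HDD-0001", "DiskDrive"),
    (r"USB\VID_1111&PID_3333\UNKNOWN-STICK-0002", "DiskDrive"),
    (r"USB\VID_05AC&PID_FFFF\CONSTRUCTED-PHONE-0003", "Image"),
]

def report(allowed_serials=("APPROVED-HDD-0001",), blocked_vids=("05ac",)):
    """Evaluate both simplified rules over the constructed inventory."""
    return [decide(i, c, allowed_serials, blocked_vids) for i, c in SAMPLE]

if __name__ == "__main__":
    for (iid, cls), result in zip(SAMPLE, report()):
        print(f"{iid:48} {cls:10} storage={result[0]:13} pnp={result[1]}")
```

The vendor ID is normalised to upper case before comparison, so a definition entered as "05ac" and one entered as "05AC" behave the same in this model.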
Well, the PnP device rule just specifying the Vendor ID 05AC did not work. I just plugged in my iPhone and it installed without DLP popping up. I'm going to try the Product ID as well, and see if that works. Any help in what else I can do would be awesome. My other concern is also Droid phones and tablets.
I need your help. I'm trying to block iPhones but I can't block the internal storage. When I plug in the phone an event happens, but I can transfer files to storage. How do I block it?
I was having similar trouble with Android devices. The MTP transfer was blocked but other types were allowed. I had set the vendor and product ID, but when I set just the Vendor ID it worked! I don't know why, but I'm happy with this =D
You can't - if you use a "wrong" DLP version - no joke.
We had a support case open for over a year from T1 to T3 and the problem was not resolved until one "poc" version of the DLP.
Which DLP version do you use?
The first DLP 10.x version that could block the iDevice internal storage is "Device Control 10.0.223POC" - none of them before could do it right.
If DLP 11.x may block ... I don't know - as soon as we updated, it was totally broken (for other users too).
If DLP 9.x may block ... I don't know, but I think it also was broken - regarding the internal storage (without installed iTunes).
Ty for your answer.
We use the 10..0.260.42 version but it's not working. For example, PTP transfers are not blocked by DLP. I set the vendor ID and serial number, but when I change to PTP transfer a photo icon appears, recognized as a cam.
The iPhone is being blocked, but not completely. An event happens but I can transfer files.
You may use exactly this rule:
That's it - nothing more. If it doesn't work and your Diag-Tool says the rule is working, it may be a corrupt rule, or your DLP version again is broken.
Try to build a new rule with just "05AC", enforce it to the client and try again.
If you plug in the device, it must be shown in the Diag-Tool and as action it must state "blocked". Also, this simple rule is enough to block access to your iPhone's internal storage - if(!) DLP is working.
We had the case with nearly all DLP versions that the Diag-Tool stated "blocked", but nothing was blocked.
If it doesn't work, I recommend you test "Device Control 10.0.223POC". Maybe your version again is broken.