I would block executables on removable storage devices from beeing accessed /executed.
I use the predefined removable storage, extension and datatype definitions.
There´s a known issue in Data Loss Prevention Endpoint 11.x.x
|Issue: In the Removable Storage File Access Device rule, there is an Or condition between the file extension and the True File type. For example, if you define a rule to block the file extension exe and True File:HTML, both file types are blocked.|
there´s no reference, no related Article. It is a major funtion, that doesn´t work in my opinion.
I think it is much heavyer... the OR condition is between all definitions!
An empty USB Stick will be blocked!
Its a information which was shared related to rule. Even when u create a group to perform "AND" option, the option which it taskes is "OR", hence there is no more details on this.
What is the more details requitred for this?
Will it be fixed? When will it be fixed? Is there a tracking number?
If not, is there another option to block executables?
To block executables on Removable Storage devices is a required function for us.
By the way, to block executables on mpt devices would be nice to.
I thought it could be a workaround to use both definitions in the rule, because the issue description is only a "OR condition between file type and file extension" but there is a OR between Device definition too! So the Knwon issue is more affected and it makes the removable storage file access rule unusable.
In future release this might be fixed. Once the issue is fixed, the Knowledge base will be updated.
If there is any new requirement in this, then please raise a "Product Enhancement Request"