cancel
Showing results for 
Search instead for 
Did you mean: 
aixaixon
Level 7

Removable storage file access rule...block all but .jpg

Jump to solution

Hi

Hope you can help me out.

When creating a removable storage file access rule you can choose file formats to restrict. I see no option to block all files to then add *.jpg to whitelist. Even if there was an option to block all files you cant use a * in whitelist - you have to know the exact file name.

Only option is to tick all offered file formats except .jpg....which a massive hole in security.

How have you dealt with this issue?

Thanks heaps!

PS using 4.6.6 + DLP Device Control 9.2

0 Kudos
1 Solution

Accepted Solutions
vimalnavis
Level 13

Re: Removable storage file access rule...block all but .jpg

Jump to solution

From the product guide:

Removable Storage File Access Rule — Used to block executables on plug‑in devices from running

Removable Storage File Access (RSFA) rule does not have an exclude option which is why you cannot use it the way you want to.

Data Loss Prevention is meant to stop restricted data flow from the computer to outside. You will not be able to restrict data flow coming from outside to the computer which is why I said RSFA is meant to be used for a different purpose.

I understand your requirement, but that's not what the RSFA rule was meant to be used for. You may include all the file extensions in the policy and just leave jpg unchecked, but your OP already states that is not an option for you.

Message was edited by: vimalnavis on 7/19/13 8:39:34 AM CDT
0 Kudos
5 Replies
vimalnavis
Level 13

Re: Removable storage file access rule...block all but .jpg

Jump to solution

Removable Storage File Access rule is not meant to be used for the purpose you stated. You would use this rule only if you want DLPe to block all types of access to certain File Extensions (Read and Write).

You need to use Removable Storage Protection rule instead.

0 Kudos
aixaixon
Level 7

Re: Removable storage file access rule...block all but .jpg

Jump to solution

Thanks for your reply

Isnt the Removable Storage Protection rule ment to be working the other way around? Protecting the content on your PC to be copied on the Removable Storage?

0 Kudos
vimalnavis
Level 13

Re: Removable storage file access rule...block all but .jpg

Jump to solution

From the product guide:

Removable Storage File Access Rule — Used to block executables on plug‑in devices from running

Removable Storage File Access (RSFA) rule does not have an exclude option which is why you cannot use it the way you want to.

Data Loss Prevention is meant to stop restricted data flow from the computer to outside. You will not be able to restrict data flow coming from outside to the computer which is why I said RSFA is meant to be used for a different purpose.

I understand your requirement, but that's not what the RSFA rule was meant to be used for. You may include all the file extensions in the policy and just leave jpg unchecked, but your OP already states that is not an option for you.

Message was edited by: vimalnavis on 7/19/13 8:39:34 AM CDT
0 Kudos
aixaixon
Level 7

Re: Removable storage file access rule...block all but .jpg

Jump to solution

Thanks

I totally see why....DLP is for DLP. Blocking incoming stuff is different. Just wanted to make sure before I present it to a client. In all fairnes it would have been pretty easy to include this option tho IMO...but again - that would be out of scope for what the soft is ment to do.

Thanks again for confirming this.

0 Kudos
vimalnavis
Level 13

Re: Removable storage file access rule...block all but .jpg

Jump to solution

The exclude option already exists for almost all the Content rules. I agree that it is a good to have option.

If you can, I would suggest you submit a PER:

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

0 Kudos