25 Replies. Latest reply: Feb 12, 2015 10:43 AM by smithdm

    HDLP Device Control (iPhones and IPODs)

    Dhatheway85

      I want to block the use of iPhones and iPods with the device control feature of HDLP. Currently I have a device definition set up to include all bus types of USB, but it does not register or log when I connect an iPhone via USB to a system with HDLP installed. Can anyone please help me with this issue?

       

      ePO 4.5

      VSE 8.5

      HIPS 7.0 patch 6

      MA 4.0 patch 3

      HDLP 3.0

        • 1. Re: HDLP Device Control (iPhones and IPODs)

          Create a device def with bus type: USB, file system: exFAT, FAT16, FAT32, NTFS, and USB VID/PID for Apple iPhone & iPod. Also check if it's applied to the user group or not...

           

          - AB

          • 2. Re: HDLP Device Control (iPhones and IPODs)
            epository

            Strongly recommend reading this blog

             

            http://community.mcafee.com/community/business/data/blog/2010/05/10/practical-solutions-for-securing-removable-media

             

            and then watching the YouTube videos, they are very informative (Hint: keepvid.com)

             

            McAfee has a huge library on YouTube which apparently they don't bother to tell customers about.

             

            If you can get a few iPods and iPhones to plug into machines, you should be able to pull the VIDs and PIDs needed to block out of the setupapi.log.

             

            Then it's a matter of creating rules and definitions and all the usual. The videos are pretty good at explaining stuff that is VERY POORLY covered in the DLP manual.

            • 3. Re: HDLP Device Control (iPhones and IPODs)
              SafeBoot

              iPhones don't present themselves as USB storage, so they won't get controlled under the standard USB rules - you can't copy files to an iPhone, you can only sync content via iTunes. You'll need to use a device id based rule to block them.

              • 4. Re: HDLP Device Control (iPhones and IPODs)
                MJT

                Not trying to start a fight but for people new to HDLP and watching these forums, I would like to point out there are other methods other than iTunes for copying files to iPhones/iPods. Of course these methods are not supported by Apple but it is not hard to figure out how to do.

                 

                I just want to make sure people know that the data loss risk is still as big of a threat for those connecting iPhones/iPods as it is USB drives.

                • 5. Re: HDLP Device Control (iPhones and IPODs)

                  Block by creating a USB file system rule with iPhone, iPod PID/VID. That works for me and sure will work for you =)

                   

                  Definitions:

                   

                  Bus type USB

                  File system type: NTFS, FAT etc

                  PID/VID: .....

                   

                  - Amiya

                  • 6. Re: HDLP Device Control (iPhones and IPODs)
                    bmartinson613

                    We block Apple products by the Imaging Devices class. Then just create whatever other exceptions are needed on a VID/PID level (such as Fuji Cameras for Department X, Xerox Scanners for User Y).

                     

                    Initially we had tried to block by each Product ID. But we realized that this would become increasingly more difficult to manage and possibly slow to react to new Apple devices that are released. Most recently we'd discovered that iPads and the new iPhone 4 were getting through. And iTouches were the same way. Classic iPods were being blocked by our Mass Storage rule.

                     

                    We are on v9 agent. Just thought this may help.

                    • 7. Re: HDLP Device Control (iPhones and IPODs)
                      DLarson

                      Using the product ID and vendor ID is the best way to go. I just plugged in my iPhone 4 and used USBview (a free utility from Microsoft) to get the product ID and vendor ID.

                       

                      PID: 1297

                      VID: 05AC

                       

                      You can get USBview here: http://www.ftdichip.com/Support/Utilities/usbview.zip

                      • 8. Re: HDLP Device Control (iPhones and IPODs)
                        cdobol

                        Speaking of these types of devices... Does anyone have experience with Xoom tablets? They show up as Portable Devices and have a different Product ID when in USB debug mode. Also they will let you copy data to them via Explorer. I assume the best way to block these devices is by VID/PID... or a combination of VID and Product Name?

                         

                        Any other interesting devices like this out there?

                         

                        Device Class GUID:   EEC5AD98-8080-425F-922A-DABF3DE3F69A

                        Device Class Name:   Portable Devices

                        Device Name:   Xoom

                        Device Compatible ID:   USB\MS_COMP_MTP&MS_SUBCOMP_00

                        Device Instance ID:   USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000

                        Bus Type:   USB

                        Vendor ID:   22B8

                        Product ID:   70A9

                         

                        Device Class GUID:   EEC5AD98-8080-425F-922A-DABF3DE3F69A

                        Device Class Name:   Portable Devices

                        Device Name:   Xoom

                        Device Compatible ID:   USB\MS_COMP_MTP

                        Device Instance ID:   USB\VID_22B8&PID_70A8\17006144433FA1D7

                        Bus Type:   USB

                        Vendor ID:   22B8

                        Product ID:   70A8
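
An added example, not part of any post in this thread and not McAfee code: it pulls VID/PID pairs out of device instance IDs and setupapi.log-style lines, then checks them against a block list to show which pairs a per-PID list would miss (such as the Xoom's second PID in USB debug mode). The log lines are constructed around the IDs quoted in the posts above, and the block-list structure is a hypothetical model, not the HDLP rule format.

```python
import re
from collections import defaultdict

# VID/PID pair inside a Windows USB hardware or instance ID, e.g.
# USB\VID_22B8&PID_70A9&MI_00\... (case-insensitive, MI_ part optional).
USB_ID = re.compile(
    r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})(?:&MI_([0-9A-F]{2}))?",
    re.IGNORECASE,
)

# Constructed sample input. The two instance IDs and the 05AC/1297 pair
# are the values quoted in the thread; the surrounding log text is made up.
SAMPLE_LINES = [
    r"Device Instance ID:   USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000",
    r"Device Instance ID:   USB\VID_22B8&PID_70A8\17006144433FA1D7",
    r"Searching for hardware ID(s): usb\vid_05ac&pid_1297&rev_0001,usb\vid_05ac&pid_1297",
    r"no USB identifier on this line",
]


def extract_usb_ids(lines):
    """Return {VID: sorted list of PIDs} for every USB ID found in lines."""
    seen = defaultdict(set)
    for line in lines:
        for vid, pid, _interface in USB_ID.findall(line):
            seen[vid.upper()].add(pid.upper())
    return {vid: sorted(pids) for vid, pids in seen.items()}


def uncovered(seen, blocked_pairs, blocked_vendors=frozenset()):
    """Return (VID, PID) pairs that were observed but match no block entry.

    blocked_pairs and blocked_vendors are a hypothetical stand-in for the
    device definitions an administrator maintains.
    """
    return sorted(
        (vid, pid)
        for vid, pids in seen.items()
        for pid in pids
        if vid not in blocked_vendors and (vid, pid) not in blocked_pairs
    )


if __name__ == "__main__":
    observed = extract_usb_ids(SAMPLE_LINES)
    print("observed:", observed)
    # A per-product list that only knows the Xoom's normal-mode PID.
    per_pid = {("05AC", "1297"), ("22B8", "70A8")}
    print("missed by per-PID list:", uncovered(observed, per_pid))
```
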

                        • 9. Re: HDLP Device Control (iPhones and IPODs)
                          smalldog

                          Hi, any update on this? I want to block iPhones and don't know what rule to use. If you have multiple iPhone devices, blocking by PID/VID may not be useful. Thanks!
