13660 Views 24 Replies Latest reply: Jun 21, 2013 10:46 AM by thelostgirl
Dhatheway85 Newcomer 11 posts since
Dec 4, 2009

Dec 4, 2009 11:18 AM

HDLP Device Control (iPhones and IPODs)

I want to block the use of iPhones and iPods with the device control feature of HDLP. Currently I have a device definition set up to include all bus types of USB, but it does not register or log when I connect an iPhone via USB to a system with HDLP installed. Can anyone please help me with this issue?

 

ePO 4.5

VSE 8.5

HIPS 7.0 patch 6

MA 4.0 patch 3

HDLP 3.0

  • CIPHENT.com Champion 321 posts since
    Nov 4, 2009
    1. Dec 7, 2009 3:44 PM (in response to Dhatheway85)
    Re: HDLP Device Control (iPhones and IPODs)

    Create a device def with bus type: USB, file system: exFAT, FAT16, FAT32, NTFS, and USB VID/PID for Apple iPhone & iPod. Also check whether it's applied to the user group or not...

     

    - AB

  • epository Apprentice 85 posts since
    Jan 23, 2010
    2. Jul 21, 2010 10:23 AM (in response to CIPHENT.com)
    Re: HDLP Device Control (iPhones and IPODs)

    Strongly recommend reading this blog

     

    http://community.mcafee.com/community/business/data/blog/2010/05/10/practical-solutions-for-securing-removable-media

     

    and then watching the YouTube videos, they are very informative (Hint: keepvid.com)

     

    McAfee has a huge library on YouTube which apparently they don't bother to tell customers about.

     

    If you can get a few iPods and iPhones to plug into machines, you should be able to pull the VIDs and PIDs needed to block out of the setupapi.log.

     

    Then it's a matter of creating rules and definitions and all the usual. The videos are pretty good at explaining stuff that is VERY POORLY covered in the DLP manual.

  • SafeBoot Group Leader 8,592 posts since
    Oct 28, 2008
    3. Jul 22, 2010 7:04 AM (in response to Dhatheway85)
    Re: HDLP Device Control (iPhones and IPODs)

    iPhones don't present themselves as USB storage, so they won't get controlled under the standard USB rules - you can't copy files to an iPhone, you can only sync content via iTunes. You'll need to use a device id based rule to block them.


    Heisenberg is pulled over for speeding: “Do you know how fast you were going?” the police officer asks, incredulously. “No,” replies Heisenberg, “but I know exactly where I am!”
    Personal Blog : http://mcaf.ee/simon | Corporate Blog : http://SIBlog.mcafee.com | Create your own safe, short URL's - http://mcaf.ee

  • MJT Newcomer 2 posts since
    Nov 4, 2009
    4. Jul 22, 2010 9:45 AM (in response to SafeBoot)
    Re: HDLP Device Control (iPhones and IPODs)

    Not trying to start a fight but for people new to HDLP and watching these forums, I would like to point out there are other methods other than iTunes for copying files to iPhones/iPods. Of course these methods are not supported by Apple but it is not hard to figure out how to do.

     

    I just want to make sure people know that the data loss risk is still as big of a threat for those connecting iPhones/iPods as it is USB drives.

  • CIPHENT.com Champion 321 posts since
    Nov 4, 2009
    5. Jul 22, 2010 2:55 PM (in response to MJT)
    Re: HDLP Device Control (iPhones and IPODs)

    Block by creating a USB file system rule with iPhone, iPod PID/VID. That works for me and sure will work for you =)

     

    Definitions:

     

    Bus type USB

    File system type: NTFS, FAT etc

    PID/VID: .....

     

    - Amiya

  • bmartinson613 Newcomer 5 posts since
    Aug 16, 2010
    6. Aug 16, 2010 12:56 PM (in response to CIPHENT.com)
    Re: HDLP Device Control (iPhones and IPODs)

    We block Apple products by the Imaging Devices class. Then just create whatever other exceptions are needed on a VID/PID level (such as Fuji Cameras for Department X, Xerox Scanners for User Y).

     

    Initially we had tried to block by each Product ID. But we realized that this would become increasingly more difficult to manage and possibly slow to react to new Apple devices that are released. Most recently we'd discovered that iPads and the new iPhone 4 were getting through. And iTouches were the same way. Classic iPods were being blocked by our Mass Storage rule.

     

    We are on v9 agent. Just thought this may help.

  • DLarson McAfee SME 236 posts since
    Nov 14, 2008
    7. Mar 17, 2011 12:06 PM (in response to Dhatheway85)
    Re: HDLP Device Control (iPhones and IPODs)

    Using the product ID and vendor ID is the best way to go. I just plugged in my iPhone 4 and used USBview (a free utility from Microsoft) to get the product ID and vendor ID.

     

    PID: 1297

    VID: 05AC

     

    You can get USBview here: http://www.ftdichip.com/Support/Utilities/usbview.zip

  • cdobol Apprentice 159 posts since
    Feb 23, 2009
    8. Mar 22, 2011 6:33 AM (in response to DLarson)
    Re: HDLP Device Control (iPhones and IPODs)

    Speaking of these types of devices... Does anyone have experience with Xoom tablets? They show up as Portable Devices and have a different Product ID when in USB debug mode. Also they will let you copy data to them via Explorer. I assume the best way to block these devices is by VID/PID... or a combination of VID and Product Name?

     

    Any other interesting devices like this out there?

     

    Device Class GUID:   EEC5AD98-8080-425F-922A-DABF3DE3F69A

    Device Class Name:   Portable Devices

    Device Name:   Xoom

    Device Compatible ID:   USB\MS_COMP_MTP&MS_SUBCOMP_00

    Device Instance ID:   USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000

    Bus Type:   USB

    Vendor ID:   22B8

    Product ID:   70A9

     

    Device Class GUID:   EEC5AD98-8080-425F-922A-DABF3DE3F69A

    Device Class Name:   Portable Devices

    Device Name:   Xoom

    Device Compatible ID:   USB\MS_COMP_MTP

    Device Instance ID:   USB\VID_22B8&PID_70A8\17006144433FA1D7

    Bus Type:   USB

    Vendor ID:   22B8

    Product ID:   70A8
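
Added example, not part of any post in this thread: a Python sketch of pulling VID/PID pairs out of setupapi log text (reply 2) to build the device definition entries discussed above, using the IDs quoted in replies 7 and 8. The log line layout, the iPhone serial and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# VID/PID pair inside a USB hardware ID or device instance ID.
# Case-insensitive because some log lines write the IDs in lower case.
USB_ID = re.compile(r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", re.IGNORECASE)

# Constructed sample log text. The VID/PID values and the two Xoom instance
# IDs are the ones quoted in this thread; the line layout and the iPhone
# serial are made up for the example.
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - USB\VID_05AC&PID_1297\CONSTRUCTED-SERIAL]
     Searching for hardware ID(s): usb\vid_05ac&pid_1297&rev_0001,usb\vid_05ac&pid_1297
>>>  [Device Install (Hardware initiated) - USB\VID_22B8&PID_70A9&MI_00\6&1C47A181&1&0000]
>>>  [Device Install (Hardware initiated) - USB\VID_22B8&PID_70A8\17006144433FA1D7]
"""

def extract_usb_ids(text):
    """Return {VID: [PIDs]} for every USB VID/PID pair seen, de-duplicated."""
    seen = defaultdict(set)
    for vid, pid in USB_ID.findall(text):
        seen[vid.upper()].add(pid.upper())
    return {vid: sorted(pids) for vid, pids in sorted(seen.items())}

def definition_entries(ids):
    """Flatten to the VID_xxxx&PID_xxxx strings a device definition would list."""
    return [f"VID_{vid}&PID_{pid}" for vid, pids in ids.items() for pid in pids]

def vendors_with_several_pids(ids):
    """Vendors whose devices showed more than one PID (e.g. a debug mode)."""
    return [vid for vid, pids in ids.items() if len(pids) > 1]

if __name__ == "__main__":
    ids = extract_usb_ids(SAMPLE_LOG)
    for entry in definition_entries(ids):
        print(entry)
    print("check all modes of:", vendors_with_several_pids(ids))
```

A vendor that appears with several PIDs is the case where a per-product rule can miss a device mode, which is the maintenance problem reply 6 describes.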

  • smalldog Champion 616 posts since
    Nov 12, 2009
    9. Jun 7, 2012 11:25 PM (in response to cdobol)
    Re: HDLP Device Control (iPhones and IPODs)

    Hi, any update for this? I want to block iPhones and don't know what rule to use. If you have multiple iPhone devices, then blocking by PID/VID may not be useful. Thanks!


    - - - - - - - - - - - - - - -
    McAfee Customer
    Smalldog