Hope you can help me out.
When creating a removable storage file access rule you can choose file formats to restrict. I see no option to block all files to then add *.jpg to whitelist. Even if there was an option to block all files you cant use a * in whitelist - you have to know the exact file name.
Only option is to tick all offered file formats except .jpg....which a massive hole in security.
How have you dealt with this issue?
PS using 4.6.6 + DLP Device Control 9.2
Removable Storage File Access rule is not meant to be used for the purpose you stated. You would use this rule only if you want DLPe to block all types of access to certain File Extensions (Read and Write).
You need to use Removable Storage Protection rule instead.
Thanks for your reply
Isnt the Removable Storage Protection rule ment to be working the other way around? Protecting the content on your PC to be copied on the Removable Storage?
From the product guide:
Removable Storage File Access Rule — Used to block executables on plug‑in devices from running
Removable Storage File Access (RSFA) rule does not have an exclude option which is why you cannot use it the way you want to.
Data Loss Prevention is meant to stop restricted data flow from the computer to outside. You will not be able to restrict data flow coming from outside to the computer which is why I said RSFA is meant to be used for a different purpose.
I understand your requirement, but that's not what the RSFA rule was meant to be used for. You may include all the file extensions in the policy and just leave jpg unchecked, but your OP already states that is not an option for you.
Message was edited by: vimalnavis on 7/19/13 8:39:34 AM CDT
I totally see why....DLP is for DLP. Blocking incoming stuff is different. Just wanted to make sure before I present it to a client. In all fairnes it would have been pretty easy to include this option tho IMO...but again - that would be out of scope for what the soft is ment to do.
Thanks again for confirming this.
The exclude option already exists for almost all the Content rules. I agree that it is a good to have option.
If you can, I would suggest you submit a PER: