1940 Views 12 Replies Latest reply: Feb 19, 2014 3:06 PM by vimalnavis
cdobol Apprentice 159 posts since
Feb 23, 2009

Aug 6, 2013 4:08 PM

Blocking Non Removable Mass Storage Devices - What Do You Do?

I know this topic has come up many times before, but I am wondering how people block writing to devices that do not show up as removable mass storage.  I have seen suggestions from blocking all image and portable device classes, to maintaining a list of VID/PIDs.  I'm not sure either one of those options will work for us. I'm just curious how everyone handles this.  With more and more devices being released this is becoming a bigger concern in our company.

  • vimalnavis McAfee SME 207 posts since
    Feb 23, 2010

    Other than the options you mentioned, the only other thing that you can do is to wait for 9.3 Patch 1. If I am not mistaken, this version adds native support for MTP.

  • pierce Champion 402 posts since
    Feb 22, 2011

    Try a plug n play device rule to block device class 'Windows Portable Devices'; that will block all those pesky mobile phones from connecting. However, it will also disable Windows 7 charging iPhone devices... which is either good or bad depending on your perspective.

  • vimalnavis McAfee SME 207 posts since
    Feb 23, 2010

    Can you provide more details on what devices you need to block? If those devices do not use MTP, then the MTP support will not help you.

  • Scott Sadlocha Newcomer 41 posts since
    Jun 12, 2013

    I am trying to do something similar. I want to allow reading from devices and charging of phones, but I can't do it. A device detection rule will allow it, but it seems that there is a double detection with smartphones. The first uses the rule, the second shows the device as a Windows Portable Device and bypasses the device rule. A PnP rule will block this, but block it completely and not allow charging. It seems that there is no way to get what I need. I have tried numerous parameters on the rules, but nothing seems to work.

  • jayantlakhotia Newcomer 8 posts since
    Feb 5, 2013

    MTP rule is supposed to work with Removable Storage Protection rule and not with any Device Rules.

     

    You can apply a rule to block all content being copied to all removable storage devices, and this will help you block copying to MTP devices while still allowing them to charge.

    Ensure Portable devices handler is enabled.

     

    Hope I could help

    J.L.

  • ProfessorMadman Newcomer 15 posts since
    May 12, 2010

    The way that MTP blocking has been implemented in 9.3.1 is nothing short of retarded.

     

    We have RS rules in place that make Removable Storage on all bus types read-only with the exception of EERM-encrypted devices (and using EEFF to enforce encryption of USB media).  This works beautifully for non-MTP RS.  Now, because MTP is enforced via an RSPR and not a RSDR, blocking write access to this is impossible without affecting our EERM-encrypted devices.  It just prevents writing content on all removable storage devices now, including our EERM-encrypted devices when the RSPR rule is in force.

     

    Why is there no mechanism to exclude/include devices by definition in the RSPR rule or some way of differentiating between MTP and normal RS-based devices?

     

    Anyone have any suggestions?

     

    Cheers

    Jaco
