My corporate environment uses:
McAfee DLP Endpoint version 188.8.131.52
McAfee ePO version 4.6.0
As I have put in place a plug and play definition for the following to block off iPhones in the corporate environment:
bus type: USB
device class: imaging devices, windows portable device
device name: Apple (partial match)
Afterwhich, I have created a plug and play rule with the above definition to be blocked off for the users.
During testing, I have found out that the first instance of the device will be captured and installed onto the desktop. It is able to charge the phone connected and access the phone's folder to the content.
Upon the second instance of the event, the device was being blocked by the McAfee DLP and it wasn't be able to charge and get access into the folders.
Can I ask why is this so?
Are the nessesary drivers pre-installed prior to this first connection.
It's possible that the iPhone is presenting itself as/being detected as a Mass Storage device first before Windows has completed the driver set up.
The phone wasn't connected to the terminal at all and the policy rule with the definition has been set in place.
But once the phone was connected to the desktop, the desktop actually registers the device and installs the driver and allowing user to transfer photos and also being to charge.
Also, i have set the device class to be blocking imaging devices and also, Windows portable device (which supposingly should be mass storage device).
I'm currently using a plug and play definition and rule.
Please advise as the first instance should block the phone connection directly instead of letting it run the driver and installing it instead.
Try using a different parameter like Device Name. I have rare instances where one parameter works better over the other.
Thanks for the reply.
For the plug and play definition, I'm trying to block off all the Apple products that are trying to be plugged into the desktop.
Thus, my settings were set as according:
bus type: USB (using cable)
device class: imaging devices, windows portable device (two boxes that I've ticked)
device name: Apple (partial match, because some products may appear as iPod or iPhone or iPad)
Are there other parameters that I would need to consider?
Would there be another alternative way to block off personal smart phones such as iPhones other than the below stated?
Plug and Play device definition 1:
Plug and Play rule A creation:
Would a plug and play device rule be sufficient to block off entirely or is there like another device rule that I have left out on my side.
Do we need to have a rule for removable storage device or any other rules needed?
On our end we are still trying to test out the various rules/definitions for other aspects such as thumbdrives and such.
I have seen somewhat of the opposite at my company. We want to allow reading from devices and charging. When I first connect an Android device, I get a popup warning as expected, and I am unable to save to the device but it charges. However, upon the second detection, the device is detected as a Windows Portable Device, and I am able to save files to it. If I enable a PnP rule, the device is blocked completely on the second detection and does not charge, but I am unable to see files at all.
So it seems that there is an issue with the double detection, and I am unable to configure a rule to work. I want to use a Device Detection, but I have tried a number of parameters, and none work. When the device comes in as a Portable Device, it seems that a PnP is the only thing that will work, but it does a complete block.