4 Replies Latest reply on Apr 17, 2015 6:10 AM by palex

    DLP how do I block MTP




      I'd like to be able to block MTP in DLP. I'm running version 9.3.300.16.


      I've read that you can block MTP using a Removable Storage Protection Rule, but I can't find any reference to it.



      Am I being stupid? Can some point me in the right direction, just using small words please ;-)





        • 1. Re: DLP how do I block MTP

          Moved to DLP for a faster response.




          • 2. Re: DLP how do I block MTP

            Hi, alex01482!

            See Re: Blocking attchment sending through emails/webmails

            Removable Storage Protection Rule is in this window :-) This rule do not block MTP-Devices (it control copying files to MTP-devices)


            You can block MTP-Devices with Device Control in this :



            • 3. Re: DLP how do I block MTP

              Thanks for the reply palex


              To Block MTP using device rules will I have to know the Device_Id for every make\model I want to block? That's not really workable given all the possible variations.


              In this link Blocking Non Removable Mass Storage Devices - What Do You Do?


              some contributors suggest that 9.3 natively supports the blocking of MTP devices.

              • 4. Re: DLP how do I block MTP

                Hi, alexp01482!


                You do not need to enter the type and PID of all the devices to block them.

                First, using a DLP find all classes of devices that are in your network (there is a standard request in to the EPO). Then add the tab DLP Policy-Device Management-Device Classes (Windows only) all classes of devices, decide what you will control what is not. For example, attempts to control or lock the entire class of devices, such as controller USB lead to a blue screen of death on computers. Then make Device Definition. Turn back the device class that you want to monitor. Example, New device definition - PnP - USB Class code or Device Class.

                After that you need to make the Device rules. Do not forget that if you make a rule to protect, for example, blocking the smartphone, you must include a definition of the devices and to exclude other categories (Include one and Exclude another Device Definitions).