Endpoint Protection

 View Only

  • 1.  ADC Mass Storage Dilemma's

    Posted Oct 19, 2012 03:25 AM

     

     

    We currently run a ADC (specifically Application Control) policy to stop read and write to USB Mass Storage as filtered Device ID USBSTOR*. I have found that with more and more users using smart phones or phones that have a storage device to store data and have moved away from using the traditional Thumb drive type devices. This is a problem when you are using SEP to control mass storage as the mobile devices are detected by the OS as different devise ID's. These devices are not always detected as USBSTOR devices in device manager this makes SEP's ADC policy redundant. Some are detected as portable devices with unique device ID's. 

    Not wanting to invest time and money in creating rules for all differing variants on Mobile device I was wondering if anyone else has come across this and what your experiences are with mobile device storage? Have you moved away from SEP for this Device control, are you using multiple tools to control Mass Storage devices (e.g. Windows Group Policy, DLP agents and SEP...)? 

    Our goal is to stop malicious data theft and accidental data lose. 

    Thanks

     



  • 2.  RE: ADC Mass Storage Dilemma's

    Posted Oct 19, 2012 03:36 AM

    Hi,

    I am using the below USB class id to disable all type of the USB Storage included Mobile

     

    USB Class: {36fc9e60-c465-11cf-8056-444553540000}

     

    https://www-secure.symantec.com/connect/forums/adc-policy



  • 3.  RE: ADC Mass Storage Dilemma's

    Broadcom Employee
    Posted Oct 19, 2012 04:16 AM

    Hi,

    Refer this thread

    https://www-secure.symantec.com/connect/forums/personal-mobile-phones-work-place

     



  • 4.  RE: ADC Mass Storage Dilemma's



  • 5.  RE: ADC Mass Storage Dilemma's

    Posted Nov 05, 2012 03:12 AM

    Hi All, thanks for your responces they have been a great help. I am developing and testing some new rules now. 



  • 6.  RE: ADC Mass Storage Dilemma's

    Posted Nov 05, 2012 02:29 PM

    I'll have to bookmark these links.



  • 7.  RE: ADC Mass Storage Dilemma's

    Posted Nov 06, 2012 12:36 AM

     

    In reference to Mobile Device Security, what security can be planned with respect to personal mobile phones used by employees in software development environment?

     

    A mandatory security policy in the company that requires all employees to check their cell phones in at the front desk when in the building is one possible measure.  This is not popular but then again there is always a trade-off between convenience and security.  I know of companies that have put such a policy in place effectively. 

     

    If you are concerned that employees could copy proprietary information (source code, etc) onto the storage that is within their mobile phones, you could create a Application and Device Control (ADC) rule in Symantec Endpoint Protection to block them.

    Smart phones and Application and Device Control in Symantec Endpoint Protection 11.0(http://www.symantec.com/docs/TECH147791

     

    Please do elaborate on other concerns!  Mobile Device security is an area where I have a bit of experience.