ADC Mass Storage Dilemma's
We currently run a ADC (specifically Application Control) policy to stop read and write to USB Mass Storage as filtered Device ID USBSTOR*. I have found that with more and more users using smart phones or phones that have a storage device to store data and have moved away from using the traditional Thumb drive type devices. This is a problem when you are using SEP to control mass storage as the mobile devices are detected by the OS as different devise ID's. These devices are not always detected as USBSTOR devices in device manager this makes SEP's ADC policy redundant. Some are detected as portable devices with unique device ID's.
Not wanting to invest time and money in creating rules for all differing variants on Mobile device I was wondering if anyone else has come across this and what your experiences are with mobile device storage? Have you moved away from SEP for this Device control, are you using multiple tools to control Mass Storage devices (e.g. Windows Group Policy, DLP agents and SEP...)?
Our goal is to stop malicious data theft and accidental data lose.
Thanks
Comments 6 Comments • Jump to latest comment
Hi,
I am using the below USB class id to disable all type of the USB Storage included Mobile
https://www-secure.symantec.com/connect/forums/adc-policy
Thanks.
Hi,
Refer this thread
https://www-secure.symantec.com/connect/forums/per...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
HI,
Check this thread
https://www-secure.symantec.com/connect/forums/sep-application-and-device-control-disable-portable-devices
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi All, thanks for your responces they have been a great help. I am developing and testing some new rules now.
I'll have to bookmark these links.
In reference to Mobile Device Security, what security can be planned with respect to personal mobile phones used by employees in software development environment?
A mandatory security policy in the company that requires all employees to check their cell phones in at the front desk when in the building is one possible measure. This is not popular but then again there is always a trade-off between convenience and security. I know of companies that have put such a policy in place effectively.
If you are concerned that employees could copy proprietary information (source code, etc) onto the storage that is within their mobile phones, you could create a Application and Device Control (ADC) rule in Symantec Endpoint Protection to block them.
Smart phones and Application and Device Control in Symantec Endpoint Protection 11.0(http://www.symantec.com/docs/TECH147791)
Please do elaborate on other concerns! Mobile Device security is an area where I have a bit of experience.
Would you like to reply?
Login or Register to post your comment.