Video Screencast Help

Block Confidential Data to Mobile Device (Android,BlackBerry,IPhone)

Created: 07 Nov 2012 • Updated: 07 Nov 2012 | 4 comments
Andhika Krisna's picture

Dear All,

I have installed Symantec Data Loss Prevention 11.5 On our Corporate network. I have create a policy (DCM) that can't copy confidential document to non-register USB.

When i try to copy our confidential data to Mobile Device like Android tablet,Iphone Tablet and BlackBerry Phone, Our confidential data succsess to copy but when i try to copy our confidential data to non-register USB it's being Blocked.

I try to use RegexID.exe to find regex id from my mobile device but i can't to find it.

Can any one explain to me for the solution block copy confidential data into Mobile Device (MTP Transfer)? 

Thanks For all your support

Comments 4 CommentsJump to latest comment

Andhika Krisna's picture

I found that MTP used WudfHost.exe for Protocol in Windows. I think we can  registered in the Application Monitoring and add WudfHost.exe to monitor.

cause i don't have any Lab, can someone try this for me ?

Lucas Veiga's picture

Hi, i`m still trying to block. As soon I have anything I `ll post here.

There are many services and process running to enable MTP protocol not just WudfHost.exe

If you run procmon will be detected the follow process:

WPDShextAutoplay.exe
DeviceDisplayObjectProvider.exe
 
Until now all of tests are not positive.

Lucas Veiga
Sr Technical Support Engineer

STS | SSE+ | CompTIA Security+

kishorilal1986's picture

Hi Andhika,

Try to block by Class ID of those devices and try to identify associated MTP services to block by Application monitoring block . If possible try to block it by SEP client 12.1 and block the USB ports.

Andhika Krisna's picture

@ K S Sharma

We use DLP because it can block by content. So my customer don't want to use endpoint from SEP. 

Thanks for your support bro :)