Data Loss Prevention

 View Only
  • 1.  Block Confidential Data to Mobile Device (Android,BlackBerry,IPhone)

    Posted Nov 07, 2012 04:25 AM

    Dear All,

     

    I have installed Symantec Data Loss Prevention 11.5 On our Corporate network. I have create a policy (DCM) that can't copy confidential document to non-register USB.

    When i try to copy our confidential data to Mobile Device like Android tablet,Iphone Tablet and BlackBerry Phone, Our confidential data succsess to copy but when i try to copy our confidential data to non-register USB it's being Blocked.

    I try to use RegexID.exe to find regex id from my mobile device but i can't to find it.

     

    Can any one explain to me for the solution block copy confidential data into Mobile Device (MTP Transfer)? 

     

    Thanks For all your support



  • 2.  RE: Block Confidential Data to Mobile Device (Android,BlackBerry,IPhone)

    Posted Nov 07, 2012 08:13 PM

    I found that MTP used WudfHost.exe for Protocol in Windows. I think we can  registered in the Application Monitoring and add WudfHost.exe to monitor.

    cause i don't have any Lab, can someone try this for me ?



  • 3.  RE: Block Confidential Data to Mobile Device (Android,BlackBerry,IPhone)

    Posted May 01, 2013 11:22 AM

    Hi, i`m still trying to block. As soon I have anything I `ll post here.

    There are many services and process running to enable MTP protocol not just WudfHost.exe

    If you run procmon will be detected the follow process:

     

    WPDShextAutoplay.exe
    DeviceDisplayObjectProvider.exe
     
    Until now all of tests are not positive.


  • 4.  RE: Block Confidential Data to Mobile Device (Android,BlackBerry,IPhone)

    Posted May 02, 2013 03:27 AM

    Hi Andhika,

    Try to block by Class ID of those devices and try to identify associated MTP services to block by Application monitoring block . If possible try to block it by SEP client 12.1 and block the USB ports.



  • 5.  RE: Block Confidential Data to Mobile Device (Android,BlackBerry,IPhone)

    Posted May 03, 2013 04:23 AM

    @ K S Sharma

    We use DLP because it can block by content. So my customer don't want to use endpoint from SEP. 

    Thanks for your support bro :)