DLP Endpoint for preventing data transfer via SD Card off the network

Created: 04 Dec 2012 | 7 comments

I'm using DLP 11.1 Endpoint Prevent. I would like to know if DLP can prevent data transfer via SD card while the laptop is off the network. And what exactly are the configurations that need to be done at the Enforce Server to prevent data transfer via SD card?

yang_zhang's picture

Yes, DLP Endpoint can monitor and block sensitive data from being transferred to an SD card, no matter whether the laptop is on the corporate network or off the network.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
vstanley's picture

Yang: A couple of days back I had an incident wherein data was transferred to SD and it was captured by the DLP, but it was not prevented. Whereas all my data transfers to pen drives are blocked. So is there any special configuration for preventing data transfer via SD card?

kishorilal1986's picture

Yes, you can do the same. But what exactly do you want to achieve? Do you want to completely block any data transfer to SD card, or only SD card? You can do it by disabling it through the Endpoint Protection policy setting.

If you want to block only confidential data, then you should add the class ID of those SD card devices. You should also take the help of the DLP application monitoring and control feature.

In short, the services which help to copy any data transfer through some device drivers for a medium (Bluetooth, Wi-Fi, USB, SD card) can be blocked.

vstanley's picture

I want to block all data transfer via SD card and give exceptions only to Senior Mgmt. So where can I find this option of "Endpoint Protection Policy setting" in DLP?

DLP Enthusiast's picture

@vstanley: Possibly, the data which was transferred to the SD card was protected under an IDM policy.

Endpoint Prevent cannot prevent the transfer of sensitive data under IDM Policy because it takes time for the DLP to match the sent data with the IDM Profile. However, the Admin or the concerned authorities will be notified with an Incident.

kishorilal1986's picture

Hi vstanley, you can find the application/services used by a particular device to transfer data, and you need a well-configured DCM detection policy with a block response rule.

Removable media monitoring

Endpoint Prevent lets you block data transferring from your hard drive to a removable media device. Removable media includes the following devices:

■ USB flash drive
■ SD card
■ Compact flash card
■ FireWire connected device

When the Symantec DLP Agent detects that a violation has occurred, the data is not transferred. An incident is created and sent to the Endpoint Server. When a violation occurs, the Symantec DLP Agent displays a pop-up notification to the user that informs the user that the violation has occurred.

kishorilal1986's picture

Off the network, the DLP agent works on DCM technology, and you should either use Application Control or make a response rule based on a DCM rule to block sensitive information transfer.