Data Loss Prevention

 View Only

  • 1.  Usage of Media Transfer Protocol to transfer data

    Posted Oct 10, 2012 04:32 AM

    Can DLP Endpoint catch data transferred using MTP protocol (Connect a smart phone to the endpoint, enable MTP and copy data to the phone's SD card). If yes, what protocol needs to be monitored? We have noticed that MTP does seem to fall under 'removable storage' protocol and does not log any incident if MTP is used to copy data to a phone



  • 2.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Oct 10, 2012 11:22 AM

    @g,

     

    that is something i am looking at now as this is being discussed specifically with a client as the Samsung phones use the MTP along with the tablets. we are seeing what we can do as a 64 gig sd card or a phone can copy out a lot of data and you will never know it. Do you have SEP, as we are looking @ both to find out which one gives us the best solution.



  • 3.  RE: Usage of Media Transfer Protocol to transfer data

    Trusted Advisor
    Posted Oct 10, 2012 03:20 PM

    Is there a program on the endpoint devices that enables the MTP transfer? If so, you can find out the executable and create an application monitoring profile for the endpoints.

    This si the same approach that was there when it came to Bluetooth.

     

    Ronak



  • 4.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Oct 12, 2012 02:23 AM

    We have SEP.. our onsite team is also looking at SEP to solve this problem.



  • 5.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Oct 12, 2012 02:31 AM

    Thanks Ronak, This helps, as we were also looking for a solution to block Bluetooth usage. I will test this and see how it works for us.



  • 6.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Nov 01, 2012 01:46 AM

    Did you guys find an executable for MTP or Bluetooth? I am also interested in this.



  • 7.  RE: Usage of Media Transfer Protocol to transfer data

    Trusted Advisor
    Posted Nov 01, 2012 04:56 PM

    The bluetooth executable is already in the DLP platform. It is called Microsoft Windows Bluetooth and is already registered in the Application Monitoring (fsquirt.exe).

     

    I am not sure about the MTP transfer

     

     



  • 8.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Nov 07, 2012 08:15 PM

    MTP registry : C:\Windows\inf\wpdmtp.inf

    MTP Application : WudfHost.exe

     

    Based on my Question thread : https://www-secure.symantec.com/connect/forums/block-confidential-data-mobile-device-androidblackberryiphone

     

    Thanks



  • 9.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Nov 07, 2012 08:37 PM
    I found that MTP used WudfHost.exe for Protocol in Windows. I think we can registered in the Application Monitoring and add WudfHost.exe to monitor. cause i don't have any Lab, can someone try this for me ? Thanks


  • 10.  RE: Usage of Media Transfer Protocol to transfer data

    Posted Dec 05, 2012 07:26 AM

     

     

    If you wanted to block only confidenhtail data than you should add class ID of that SD card devices. you should also take help of DLP application monitoring and control feature. 

    https://www-secure.symantec.com/connect/forums/dlp-bluetooth-prevention-endpoint-prevent

    https://www-secure.symantec.com/connect/forums/usage-media-transfer-protocol-transfer-data

    In short the services which helps to copy any data tranfer throgh some device driveres for medium bluetooth, wifi,usb,SD card can be blocked.