Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Usage of Media Transfer Protocol to transfer data

Created: 10 Oct 2012 | 9 comments
@g's picture

Can DLP Endpoint catch data transferred using MTP protocol (Connect a smart phone to the endpoint, enable MTP and copy data to the phone's SD card). If yes, what protocol needs to be monitored? We have noticed that MTP does seem to fall under 'removable storage' protocol and does not log any incident if MTP is used to copy data to a phone

Comments 9 CommentsJump to latest comment

stumunro's picture

@g,

 

that is something i am looking at now as this is being discussed specifically with a client as the Samsung phones use the MTP along with the tablets. we are seeing what we can do as a 64 gig sd card or a phone can copy out a lot of data and you will never know it. Do you have SEP, as we are looking @ both to find out which one gives us the best solution.

@g's picture

We have SEP.. our onsite team is also looking at SEP to solve this problem.

DLP Solutions2's picture

Is there a program on the endpoint devices that enables the MTP transfer? If so, you can find out the executable and create an application monitoring profile for the endpoints.

This si the same approach that was there when it came to Bluetooth.

 

Ronak

 

Please make sure to mark this as a solution

 

 

to your problem, when possible.

 

 

 

@g's picture

Thanks Ronak, This helps, as we were also looking for a solution to block Bluetooth usage. I will test this and see how it works for us.

Dean Thomson's picture

Did you guys find an executable for MTP or Bluetooth? I am also interested in this.

DLP Solutions2's picture

The bluetooth executable is already in the DLP platform. It is called Microsoft Windows Bluetooth and is already registered in the Application Monitoring (fsquirt.exe).

 

I am not sure about the MTP transfer

 

 

 

Please make sure to mark this as a solution

 

 

to your problem, when possible.

 

 

 

Andhika Krisna's picture

MTP registry : C:\Windows\inf\wpdmtp.inf

MTP Application : WudfHost.exe

 

Based on my Question thread : https://www-secure.symantec.com/connect/forums/block-confidential-data-mobile-device-androidblackberryiphone

 

Thanks

Andhika Krisna's picture

I found that MTP used WudfHost.exe for Protocol in Windows. I think we can registered in the Application Monitoring and add WudfHost.exe to monitor.

cause i don't have any Lab, can someone try this for me ?

Thanks

kishorilal1986's picture

 

 

If you wanted to block only confidenhtail data than you should add class ID of that SD card devices. you should also take help of DLP application monitoring and control feature. 

https://www-secure.symantec.com/connect/forums/dlp...

https://www-secure.symantec.com/connect/forums/usa...

In short the services which helps to copy any data tranfer throgh some device driveres for medium bluetooth, wifi,usb,SD card can be blocked.