Data Loss Prevention

 View Only

  • 1.  Disabling removable media completely

    Posted May 22, 2018 01:47 PM

    Hello all,

     

    Can anyone tell me if there is a way to set up a DLP policy to block the use of Removable Media devices completely, but allow exceptions?

    I have created a Block Policy that removes the ability to write to removable media, with the exception of certain devices, but clients can still read from the other removable media.  I don't want the Media to be visible at all.  A full "block", not just from writing to it.

     

    Thanks

     



  • 2.  RE: Disabling removable media completely

    Trusted Advisor
    Posted May 22, 2018 06:52 PM

    Jamie,

    What version of DLP are you using? 

    This is available in V15, its under the agent configuration. You can diable the USB for writes or BOTH.

    If you want an exception for certain people, you will need to apply a DIFFERENT agent configuration that is associated to the USER or group.

    Make sure to assign the new or updated Agent Configuration

     

    Good Luck,

    Ronak

    PLEASE MARKED SOLVED WHEN POSSIBLE

     


  • 3.  RE: Disabling removable media completely

    Posted May 23, 2018 08:03 AM

    Thanks you Ronak,

    We have V15.  I'm not as concerned about who can use removable media, as to what kind of Removable Media is to be used.  I would like to remove the ability to use USB flash drives and hard drives for all users, with the exception of a specific type of encrypted USB Media.  All users can use this type of media, but only the media that is identified as acceptable.

     

    I can use policies to provide all access to the specific media, but have only been able to lock everything else down to Read Only.

     

    Thanks again.

    Jamie



  • 4.  RE: Disabling removable media completely

    Posted May 23, 2018 08:03 AM

    Thank you Ronak,

    We have V15.  I'm not as concerned about who can use removable media, as to what kind of Removable Media is to be used.  I would like to remove the ability to use USB flash drives and hard drives for all users, with the exception of a specific type of encrypted USB Media.  All users can use this type of media, but only the media that is identified as acceptable.

     

    I can use policies to provide all access to the specific media, but have only been able to lock everything else down to Read Only.

     

    Thanks again.

    Jamie



  • 5.  RE: Disabling removable media completely
    Best Answer

    Trusted Advisor
    Posted May 23, 2018 01:16 PM

    Jamie,

    So unfortuntely you can't have it both ways.. when it comes to DLP.

    DLP can either allow Read Access or block it completely, but you can't select which devices you can READ from only select ones that you can allow data to be written to.

    In order to control READ access to a specific type of USB is going to require the use of another type of Agent. That is typically an SW deployment agent or some agent that can do device control (Altiris etc) this is functionality that is more aligned with device control and not a DLP agent.

     

     

    Good Luck,

    Ronak

    PLEASE MARKED SOLVED WHEN POSSIBLE