Blocking copying on mobile devices

[TomasDZP 0]

Hi,

I need to create a policy which will be blocking copying files on mobile devices from our personal laptops. I already created policy where we blocked all usb except these which are allowed and this policy is working correctly but only for USB.

Any help please?

Thanks

Tomas

[Marcos 5,074]

How are the phones connected with the PC if not via USB?

[TomasDZP 0]

Hi Marcos

That`t the problem. They are connected via USB.

[TomasDZP 0]

Marcus I´m trying to use policy type "Portable device" see attachment. Am I doing something wrong?

[Marcos 5,074]

If you open Device manager in Windows, does the phone appear in the Portable devices section?

[TomasDZP 0]

Hi Marcos,

Yes phone appears in Portable Devices section.

[Marcos 5,074]

I'm not sure if I understand it correctly, you've created a permissive rule for portable devices and at the same time you want to block them? If you change the policy from "allow" to "block", are they blocked?

[TomasDZP 0]

Mi Marcos,

I want to create a policy which will block copying data from laptops on mobiles or other way via USB. Basically if I connect android phone and allow on that phone "data transfer" I am able to copy any data from my laptop on mobile, using Total Commander for example. My idea is to block this operation. I want to create same policy what we have on USB keys, where every USB keys are blocked except these which we allowed (we have device groups with allowed USB keys)

If you change the policy from "allow" to "block", are they blocked? - they are not blocked

 

T 

[TomasDZP 0]

[Marcos 5,074]

Could you please connect a phone which is not blocked via the rule to Endpoint, click the Populate button in the Device Control rule editor and check if the detected information match those specified for "dovera" device group including possible leading or trailing spaces? Did you manually enter the vendor, model and serial number or you used the Populate button to get this info?

If you remove "vendor" from "dovera" device group, does the rule work then?

[TomasDZP 0]

Actually the group "dovera" contains USB keys informations. I thought the policy how is created allows only devices which are in the "dovera" device group, so imho I thought that everything should be blocked except these which are in "dovera" group.

Am I wrong?

[Marcos 5,074]

You should create another blocking rule for all portable devices and put it below the permissive rule in the list.