Endpoint Encryption and mobile devices

[Ufoto 14]

Hello,

We have a pretty basic Endpoint Encryption setup where users are asked to encrypt their USB removable storage devices. Recently we noticed that when a phone is plugged in and its file system shown in Windows, nothing happens. Is this expected behavior? I know that mobile phones are detected as Windows Portable Devices rather than Removable Storage Devices, and encrypting the entire drive might not be recommended, but at least 'File' encryption where only a part of the drive is encrypted should be possible. 

My question is, are mobile devices eligible for encryption and our configuration is simply not properly set up. Or is the product supposed to target only removable storage devices such as memory sticks and portable hard drives?

Thank you in advance!

[Kstainton 31]

Hi @Ufoto,

You cannot use Removable Media Encryption to Encrypt a Mobiles Phones File System. Even if you managed it, the phone would no longer function as it wouldn't be able to read its own data due to the Encryption.

RME only offers to Encrypt drives that have volumes and a drive letter.

Thank you,

Kieran

Edited May 9, 2022 by Kstainton

[Ufoto 14]

Thank you for the confirmation. I was aware about encrypting the whole storage area, however I was unsure about 'File' encryption. 

[Kstainton 31]

Hi @Ufoto

File Encryption is also not possible, the way I should have put it is that Removable Media Encryption, whether it be FDE or File is not possible on a Mobile Device.

Thank you.

[Ufoto 14]

Apologies for the unrelated question, but is it possible to make the Mobile Devices read-only using the Endpoint Encryption solution? This would be a workaround in our scenario.

Thank you again!

[Kstainton 31]

17 hours ago, Ufoto said:

Apologies for the unrelated question, but is it possible to make the Mobile Devices read-only using the Endpoint Encryption solution? This would be a workaround in our scenario.

Thank you again!

Hi @Ufoto,

The EEE Server / EEE Client, cannot do this directly at the moment, we may look into this for a future addition to our software.

The reason why it cannot do it at the moment is because RME uses a File System Filter Driver so it works with devices that expose a file system. Mobile Devices do not provide a file system, they use Windows Portable Devices which I can see from your previous messages you have a complete understanding of.

I am afraid at this time you will need to setup Read/Write permissions using your GPO for WPD devices. I do apologize if this causes any inconvenience. 

Thank you.

Kieran

Edited May 10, 2022 by Kstainton

[Ufoto 14]

1 hour ago, Kstainton said:

Hi @Ufoto,

The EEE Server / EEE Client, cannot do this directly at the moment, we may look into this for a future addition to our software.

The reason why it cannot do it at the moment is because RME uses a File System Filter Driver so it works with devices that expose a file system. Mobile Devices do not provide a file system, they use Windows Portable Devices which I can see from your previous messages you have a complete understanding of.

I am afraid at this time you will need to setup Read/Write permissions using your GPO for WPD devices. I do apologize if this causes any inconvenience. 

Thank you.

Kieran

Hi Kstainton,

 

Thank you for the comprehensive answer. I understand now.

 

Have a great day ahead!

[Kstainton 31]

Hi @Ufoto,

No problem at all, have a lovely day