
Data Control - from USB to hard disk

Hey,

I have been testing out the Data Control policy a little bit.

I have set up some very basic rules to block the copying of Microsoft Office documents to USB keys and so far it's working great.

I then wanted to see if I could set it up to prevent .exe's from being copied to USB keys, and that is also working great.

I was wondering though if I can get the blocking to work when a user copies data from a USB to the local hard drive.

For instance, I want to block a user from copying an executable from their USB key to the local hard drive.

In the data control policy under "device types" I have the destination options for Floppy, optical drive, and USB, but no hard disk.

I am not sure if I am looking in the wrong spot, or if this even makes sense to have as an option. But I was just curious if I can set this up?

Thank you

Cheers

:5676


This thread was automatically locked due to age.
  • Great suggestion. Hopefully someone has a way to make that happen.

    :5686
  • Hey,

    Thank you for the reply :)

    So I guess this feature doesn't exist then?

    Is this something that could be added possibly to the functionality of the Data Control Policy?

    Thank you,

    Cheers

    :5687
  • Is this something that could be added possibly to the functionality of the Data Control Policy

    I'm not Sophos and of course not the product manager.

    I think the answer is: Very likely not now and perhaps "never". Why? General copying is not a special function but basically a write preceded by a read. You can't block a file when it's opened for reading (as there is no way to figure out the intent of the application) so you have to scan the file when it is written. If you select a "target device" in Data Control (aka data leakage prevention) Sophos prohibits write access for all applications except Explorer.

    Doing this for the hard disk is, well, not an excellent idea. What can be done though is restricting reading from external storage. But this might just be what you want anyway. Of course this will also prevent copying from e.g. USB to USB.

    Christian

    :5689
  • Hey,

    I was not aware of the complications associated with trying to detect such a procedure.

    I thought since it was possible to block .exe's from being copied from the computer to a USB key it would be possible to do the reverse. My knowledge of how the OS handles these types of requests is limited.

    Thank you though for shedding some light on my question, too bad it probably won't be possible.

    Thank you

    Cheers

    :5691
  • Hi,

    Good question - and QC highlights some of the challenges in implementing a "hard drive" option for data control. We have looked at blocking executables being copied off USB keys as part of the device control policy but the feature has never got high enough up the priority list to compete with some of the other things we want to do for device control (e.g. add MTP / PTP device blocking) or best protection. Any malware stored on the USB key should be blocked by AV/HIPs and application control will cover many of the applications that users want to bring in from home and will also pick up any "portable" apps downloaded via a browser. For data control our next big priority is data discover - i.e. scanning for sensitive data on endpoint hard drives and file servers. In principle you could use that capability to do a scan of unwanted executables tucked away on the network - same for media files.

    Best regards,

    John

    :5699
  • Hey John,

    Thank you for your response.

    I understand that this hasn't been at the top of the priority list. It is sort of a strange request. I didn't realise the complexity of my request either.

    Upon reading your response, your mention of the application control jogged my memory as I had completely forgotten about that. I believe that I should be able to do some of what I wanted to accomplish using this and a few other things.

    It would be nice to see this feature, but I understand now some of the issues that arise trying to accomplish this.

    Thank you for shedding some light on my question once again.

    Cheers

    Todd

    :5710