On-Premise Endpoint

Sophos Endpoint Software Data Control - from USB to hard disk

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 6 replies
Subscribers 1 subscriber
Views 5499 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Control - from USB to hard disk

toddh over 14 years ago

Hey,

I have been testing out the Data Control policy a little bit.

I have setup some very basic rules to block the copying of Microsoft Office documents to USB keys and so far its working great.

I then wanted to see if I could set it up to prevent .exe's to be copied to USB keys, and that is also working great.

I was wondering though if I can get the blocking to work when a user copies data from a USB to the local hard drive.

For instance, I want to block a user from copying an executable from their USB key to the local hard drive.

In the data control policy under "device types" I have the destination options for Floppy, optical drive, and USB, but no hard disk.

I am not sure if I am looking in the wrong spot, or if this even makes sense to have as an option. But I was just curious if I can set this up?

Thank you

Cheers

This thread was automatically locked due to age.

Parents

0 QC over 14 years ago

Is this something that could be added possibly to the functionality of the Data Control Policy

I'm not Sophos and of course not the product manager.

I think the answer is: Very likely not now and perhaps "never". Why? General copying is not a special function but basically a write preceded by a read. You can't block a file when it's opened for reading (as there is no way to figure out the intent of the application) so you have to scan the file when it is written. If you select a "target device" in Data Control (aka as data leakage prevention) Sophos prohibits write access for all applications except Explorer.

Doing this for the hard disk is, well, not an excellent idea. What can be done though is restricting reading from external storage. But this might just be what you want anyway. Of course this will also prevent copying from e.g. USB to USB.

Christian
:5689
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 14 years ago

Is this something that could be added possibly to the functionality of the Data Control Policy

I'm not Sophos and of course not the product manager.

I think the answer is: Very likely not now and perhaps "never". Why? General copying is not a special function but basically a write preceded by a read. You can't block a file when it's opened for reading (as there is no way to figure out the intent of the application) so you have to scan the file when it is written. If you select a "target device" in Data Control (aka as data leakage prevention) Sophos prohibits write access for all applications except Explorer.

Doing this for the hard disk is, well, not an excellent idea. What can be done though is restricting reading from external storage. But this might just be what you want anyway. Of course this will also prevent copying from e.g. USB to USB.

Christian
:5689
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data