
DLP Blocking all transfers to USB drive for just some computers

Hello. I'm testing Sophos Endpoint Advanced on Windows 10 for an SMB. On our 2017 machines (HP EliteDesk 800 G3) *any* file transfer to a USB key is blocked. I see a Sophos pop-up telling me so. Furthermore, the cloud event log shows the key being inserted, but it does not have a record of the blocked transfers. The blocked transfers are visible on the client.

Meanwhile, the DLP works great for 2013 vintage machines (HP 6300 Pro towers). Users get the Allow/Block options. Everything is logged.

Both sets of machines have the same policy. When I disable DLP for the malfunctioning computers, the transfers work again. Where should I go to troubleshoot the issue?

If it’s any assistance, when I attempt to copy a file to the USB drive on the 2017 machines, I see two things essentially simultaneously:

  • A Windows 10 pop-up mid-screen telling me that to continue, administrative access rights are required. (Our users aren’t members of the Administrators group on their local machines.) Providing those rights has no effect, as I’ve already seen…
  • A Sophos Endpoint pop-up lower right telling me that “Transfer of file [filename] was blocked.”

Thanks for any help you can provide.



This thread was automatically locked due to age.
  • This did help. Just FYI to anyone trying this method to fix it though: if you have BitLocker installed and running on a Windows machine, make sure you have your key, or you're locked out of the machine and will have to reinstall Windows.

  • https://community.sophos.com/kb/en-us/120861

     

    As you mentioned in this KB: "Whilst of course it is not ideal to disable Secure Boot, doing so has the effect of reverting this particular aspect of Windows Security back to the level offered in Windows 7, so we do not believe it presents a significant security risk."

    So either you enable Secure Boot (which is what most people are doing with Windows 10) and are unable to use the DLP option in EP or Central, or you need to enable TPM plus PIN if you disable Secure Boot. That PIN will eventually end up on a Post-it note stuck to the laptop. This is not model specific; this is all hardware out there: HP, Dell, Lenovo.

    We actually liked the DLP functionality in Sophos. However, we are not removing Secure Boot from our Windows 10 deployments.
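
The BitLocker caveat raised in the first reply, as an added example that is not part of the original thread or of Sophos's KB: a read-only pre-flight check to run in an elevated PowerShell session before anyone changes the Secure Boot setting in firmware. It assumes the built-in `Confirm-SecureBootUEFI` and `Get-BitLockerVolume` cmdlets are available and that the system drive is the BitLocker-protected volume; the property names on the result object are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: reports Secure Boot and BitLocker state. It changes nothing.

$drive = $env:SystemDrive

# Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on
# legacy BIOS systems, so treat an exception as "state unknown".
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = $null }

$vol = Get-BitLockerVolume -MountPoint $drive

# Split the key protectors into the ones that depend on the TPM (and therefore
# on measured boot state) and the recovery password that gets you back in.
$tpmBased = @($vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })
$recovery = @($vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })

$report = [pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    SecureBootEnabled   = $secureBoot
    BitLockerProtection = "$($vol.ProtectionStatus)"   # On / Off
    VolumeStatus        = "$($vol.VolumeStatus)"
    TpmProtectors       = ($tpmBased.KeyProtectorType -join ', ')
    # Only the protector IDs are listed, never the recovery password itself.
    # Match these IDs against the key you have escrowed (AD, Azure AD, printout).
    RecoveryProtectorId = ($recovery.KeyProtectorId -join ', ')
}
$report | Format-List

if ("$($vol.ProtectionStatus)" -eq 'On' -and $tpmBased.Count -gt 0) {
    if ($recovery.Count -eq 0) {
        Write-Warning "$drive is TPM-protected and has NO recovery password protector. Do not change Secure Boot on this machine yet."
    } else {
        Write-Warning "$drive is TPM-protected. Confirm you hold the recovery key for the protector ID(s) above before changing Secure Boot."
        # Suspending protection for one reboot (Suspend-BitLocker -RebootCount 1)
        # is the usual way to carry a volume across a planned firmware change.
    }
} else {
    Write-Output "$drive has no active TPM-bound BitLocker protection."
}
```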