Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 9 subscribers
  • Views 8435 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central Data Loss Prevention (DLP) and USB storage.

S1P

Hello

I have the DLP base policy active for General organisation activities [UK]. With this policy active I have this issue:

If I attach a USB storage device to a PC and right click it to add a new Text Document (for example). It is blocked by Sophos with the message "Transfer of the file New Text Document.txt was blocked". All rules are set to "Allow transfer if user confirms". When the user confirms the transfer we get access is denied.

If I repeat this action but create the Text Document on my desktop, and then copy it to the USB storage device it is fine.

This sounds like a trivial issue, but it creates a problem for our CAD software users packing their projects to USB.

Has anyone come across this before? Or has any ideas please?

Thank you.



This thread was automatically locked due to age.
Parents
  • +1

    Hello SimonPerna,

    this is how DLP works in this scenario. The reason is that DLP has to scan the content of a file in order to determine whether any rules are violated. For this it needs an existing static version of the content - in other words it has to be able to read what should be written before writing commences. As this is not possible when an application writes directly to USB storage only copies of existing files to removable storage are permitted. With Explorer it is possible to reliably determine the source. Whether other applications would equally fulfill the requirement I can't say, anyway only Explorer is supported.

    Christian 

Reply Children
No Data
Unfiltered HTML