iPhone not blocked by Device Control

Have you tested to make sure that Device Control is in fact working at all? If you remove the exception, does it block it then?

Device control, when working properly, would mean that you would not see the device whatsoever under My Computer, because to the computer it is not there. If for some reason it is, then something isn't configured correctly.

You can also set a pop-up notification that will inform you that a device was in fact blocked, which may help you troubleshoot.

I am also trying to prevent users from connecting personal iPhones to their work computers if they have iTunes installed locally on their machine by using the Sophos Device Control. These users have company issued iPhone's so iTunes is needed to configure authorized devices so the Application Control can not be used. 

I've created a Domain test machine and applied the strictest Device Control policy possible through the 4.5 console. The policy is applying because it is stopping everything from Floppy drive, CD-ROM, and mass storage devices, but not iPhones.  

Is there a way to only allow company issued iPhone's through Device Control?  

Thank you,

Tom

Security Administrator

Did anyone find a resolution for this? I am experiencing a similar issue. iPods appear to be detected and blocked just fine, but iPhones (I tested using a 3G and a 3GS, haven't tried a 4 yet) are not.

I've been running under a "detect only" profile for a couple of months now. One thing I notice immediately is that other smartphones (Android, BlackBerry) appear in the device control event logs, but I see zero iPhone entries. As I said, iPods do appear and are subject to policy. It seems to be the iPhones that Sophos is having an issue with.

Hi, 

iPhones are not currently blocked by device control. They appear to the endpoint as either a camera or custom device type (for itunes). We are looking into extending device coverage to include cameras (mtp/ppt devices) and also specific iPhone capabilities. Although it is possible to copy files using itunes it is not possible to use an iPhone as removable storage without additional software tools. The reason the blackberry and android devices are appearing in the event viewer is that they present themselves as removable storage when connected (amongst other things). 

You could consider SafeGuard port protector which does detect and block iPhones if this is a concern?

Hope this helps

John Stringer

Product Manager

Hi Has there been updates on Device control blocking iPhones, if not is there a work around? We have blocked every other device but not the Iphone!

I also am wondering why this has not been addressed? Especially when other companies have been able to address this.

Are Sophos still working on getting iPhones blocked through Device Control?

We have an addition to device control coming in October which will include iPhone and iPads etc as it covers MTP/PTP devices. To cover wifi access you will have to ensure that you are not allowing these devices to access the machines on which iTunes or Samsung Kies (for example) as clearly when connected this way devices are not using USB. By default the Windows and Sophos firewalls will block this type of connection as it in an unsolicited inbound connection.

You should also of course use application control to stop the use of these apps (iTunes is already included, Kies is to follow ASAP).