Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 13050 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Data Control: created policy refuses to allow saving direct to flash drive

DMahlen

Hello,

I've scoured the Net looking for an answer to this before posting but can't seem to find anyone that's had this issue.

Under Sophos Enterprise Console (5.1.0.1839), the Data Control default policy was set to allow multimedia files to be saved directly to flash drives.  I've attempted to save multimedia (specifically sound files, MP3, MP4, etc.) to a flash drive and am told that it's blocked by Sophos.  I then created a new policy allowing the multimedia AND Microsoft Office documents to be saved to removable media. 

I applied the policy to the IT group for testing, made sure my computer was listed as compliant with the policies and tried to save a file from either an audio editor or Word to my flash drive.  No dice.  I rebooted my computer and let it sit for a couple of hours to make sure the files would "trickle in", as it seems policies take a while to stick and I still can't save multimedia files or Office files directly to the flash drive.

Granted it's really no big deal to just save to a folder locally or on the network and copy it but in other departments I have users that want the convenience of saving to a flash drive or have programs that get picky on where the file saves.  From everything I've read Sophos should be able to allow this but for whatever reason it's just not.

Anyone have any ideas what I can check?

Thanks!

:48232


This thread was automatically locked due to age.
Parents
  • 0

    Hello DMahlen,

    the Data Control default policy was set to allow multimedia files to be saved directly to flash drives

    is this your only rule or do you, as I assume (at least that's how I interpret what you observe), have other rules in the policy as well and at least one of these policies has acceptance or block as action? As you say you can copy the files using Explorer the blocked message likely tells you that direct save is not allowed.

    Please note (quoting from the Console help, boldunderline mine): When a data control policy only contains rules with the Allow file transfer and log event action, direct saves from within applications and transfers using the command prompt are not intercepted. Data Control can only inspect an existing file. If you potentially want to block (i.e. at least one of the rules in the policy has acceptance or block as action) transfer of certain files/content to removable media there has to be a source file - in case of direct saves there isn't one (as an aside: Explorer is more or less the only generally available application which permits to reliably hook/intercept copy/move operations and to determine source and destination).

    Christian

    :48240
Reply
  • 0

    Hello DMahlen,

    the Data Control default policy was set to allow multimedia files to be saved directly to flash drives

    is this your only rule or do you, as I assume (at least that's how I interpret what you observe), have other rules in the policy as well and at least one of these policies has acceptance or block as action? As you say you can copy the files using Explorer the blocked message likely tells you that direct save is not allowed.

    Please note (quoting from the Console help, boldunderline mine): When a data control policy only contains rules with the Allow file transfer and log event action, direct saves from within applications and transfers using the command prompt are not intercepted. Data Control can only inspect an existing file. If you potentially want to block (i.e. at least one of the rules in the policy has acceptance or block as action) transfer of certain files/content to removable media there has to be a source file - in case of direct saves there isn't one (as an aside: Explorer is more or less the only generally available application which permits to reliably hook/intercept copy/move operations and to determine source and destination).

    Christian

    :48240
Children
No Data