Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 13050 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Data Control: created policy refuses to allow saving direct to flash drive

DMahlen

Hello,

I've scoured the Net looking for an answer to this before posting but can't seem to find anyone that's had this issue.

Under Sophos Enterprise Console (5.1.0.1839), the Data Control default policy was set to allow multimedia files to be saved directly to flash drives.  I've attempted to save multimedia (specifically sound files, MP3, MP4, etc.) to a flash drive and am told that it's blocked by Sophos.  I then created a new policy allowing the multimedia AND Microsoft Office documents to be saved to removable media. 

I applied the policy to the IT group for testing, made sure my computer was listed as compliant with the policies and tried to save a file from either an audio editor or Word to my flash drive.  No dice.  I rebooted my computer and let it sit for a couple of hours to make sure the files would "trickle in", as it seems policies take a while to stick and I still can't save multimedia files or Office files directly to the flash drive.

Granted it's really no big deal to just save to a folder locally or on the network and copy it but in other departments I have users that want the convenience of saving to a flash drive or have programs that get picky on where the file saves.  From everything I've read Sophos should be able to allow this but for whatever reason it's just not.

Anyone have any ideas what I can check?

Thanks!

:48232


This thread was automatically locked due to age.
Parents
  • 0

    Thanks for the reply.

    When the default policy was set up by another tech, the "default" policy only had one rule-"Allow multimedia files to save to removable storage".  It did have the "Allow file transfer and log event" action.  By looking at how Data Control is set up, I'm assuming that if there is a rule, that's the only thing that will "work" and everything else would get blocked unless you TELL it what you want. At least that's how it was functioning until I actually tried to save a multimedia file and got blocked.

    I did create a new policy and at first had the rules I mentioned, the above multimedia rule, the Microsoft Office rule that was built in and a file specific rule for that specialized software I mentioned.  All of which were set to have the actioin "Allow file transfer and log event".  After applying that policy to the IT computers and seeing that my PC was the same as the policy, I tried saving to the thumb drive following the rules and was blocked.

    This morning I cleared the rules so that the new policy just monitored events.  I applied the policy and the IT computers were updated.  I tried saving a Word document to my thumb drive and it worked.  So then I went back into the rules and applied the "Microsoft Office" rule as before.  I applied it and I could still save a word doc to my thumb drive.  I then tried saving an MP3 file and that worked too, only it shouldn't have as there wasn't a rule applied.  I rebooted my machine and I'm still pretty much free to save directly to the flash drive.

    I'm wondering if I'm approaching this wrong, like I'm assuming Sophos will automatically block everything. Should I be locking everything down for removable storage and then opening up what I need or am I on the right track and my Sophos setup is just being tempermental?

    Thanks to you and anyone for your time replying to this!

    :48270
Reply
  • 0

    Thanks for the reply.

    When the default policy was set up by another tech, the "default" policy only had one rule-"Allow multimedia files to save to removable storage".  It did have the "Allow file transfer and log event" action.  By looking at how Data Control is set up, I'm assuming that if there is a rule, that's the only thing that will "work" and everything else would get blocked unless you TELL it what you want. At least that's how it was functioning until I actually tried to save a multimedia file and got blocked.

    I did create a new policy and at first had the rules I mentioned, the above multimedia rule, the Microsoft Office rule that was built in and a file specific rule for that specialized software I mentioned.  All of which were set to have the actioin "Allow file transfer and log event".  After applying that policy to the IT computers and seeing that my PC was the same as the policy, I tried saving to the thumb drive following the rules and was blocked.

    This morning I cleared the rules so that the new policy just monitored events.  I applied the policy and the IT computers were updated.  I tried saving a Word document to my thumb drive and it worked.  So then I went back into the rules and applied the "Microsoft Office" rule as before.  I applied it and I could still save a word doc to my thumb drive.  I then tried saving an MP3 file and that worked too, only it shouldn't have as there wasn't a rule applied.  I rebooted my machine and I'm still pretty much free to save directly to the flash drive.

    I'm wondering if I'm approaching this wrong, like I'm assuming Sophos will automatically block everything. Should I be locking everything down for removable storage and then opening up what I need or am I on the right track and my Sophos setup is just being tempermental?

    Thanks to you and anyone for your time replying to this!

    :48270
Children
No Data