The ability to block internet tethering of Android smartphones while allowing data transfer to the storage area on the device is possible using DLP Endpoint. This article outlines the configuration steps to take within DLP Endpoint.
Use the following procedures to block USB internet tethering while still allowing the use of the smartphone to store data:
Manage the Network Adapters:
- Log on to the ePolicy Orchestrator (ePO) console.
- Click Menu, Policy Catalog.
- Select Data Loss Prevention from the Products drop-down list.
- Select a DLP Policy used on the endpoint PCs.
- Click Settings, Device Classes.
- Perform the following actions:
- Select Network Adapters under Device Class Name.
- Select Managed under Status.
- Select Upper Filter under Filter Type.
- Click Add.
- Click Apply policy to save the changes.
Block or monitor USB internet tethering:
- Log on to the ePO console.
- Click Menu, DLP Policy Manager.
- Click the Definitions tab, expand Device Control, and click Device Templates.
- Click Action, New, Plug and Play Device Template.
Example configuration to block USB internet tethering for a Samsung Galaxy S4:
- Name equals Remote NDIS Device
- Bus Type equals USB
- Device Class equals Network Adapters
- Device Compatible ID (Advanced) contains USB\CLASS_E0&SUBCLASS_01&PROT_03
- USB (VID/PID Codes) equals VID: 04E8 PID: 6863
NOTE: This VID/PID is specifically for a Samsung Galaxy S4 device. For other device VID/PIDs, see this list of USB IDs.
- Click Save.
- Click Rule Sets and click an applicable rule set.
- Click Device Control, Actions, New Rule, Plug and Play Device Rule.
Example rule:
- Rule Name: Block or Monitor NDIS Device
- Condition: Is any User (ALL)
- Plug and Play: Is one of (OR) Remote NDIS Device
- Reaction
- Action: No Action
- User Notification: Default device management user notification [built-in]
- Report Incident: Checked
- Click Save, apply the policy to the endpoint PC, and test the rule.
- When you are satisfied with the results, set the Action (in step 7) to Block tethering.