Can DLP detect if a USB storage device is encrypted?


Article ID: 170416


Updated On:


Data Loss Prevention Network Discover, Data Loss Prevention Endpoint Discover


Symantec Data Loss Prevention (DLP)
Endpoint Discover
Network Discover

A customer wants to implement a policy that allows users write access to a USB storage device if it is encrypted and denies write access if it is not.
Block USB devices selectively based on whether the device is encrypted or not.


DLP 15.x, Windows OS endpoints.


There is no way to know whether a logical device is encrypted or not; only files and folders have an encryption attribute, not a logical device.
Consult the CIM_LogicalDevice WMI data class in Windows OS.


DLP cannot know whether a USB device is encrypted or not.
Therefore, DLP cannot decide whether to allow users to write to a logical device based on "if the storage device is encrypted".
There is no encryption attribute on logical devices in Windows OS that would allow encryption to be detected (review the CIM_LogicalDevice WMI class attributes).
MS documentation: CIM_LogicalDevice class
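
One way to review the CIM_LogicalDevice attributes on a Windows endpoint, as an added example that is not part of the original article or of the DLP product. The function name Find-EncryptionProperty, the search pattern, and the use of the Win32_LogicalDisk subclass to list removable drives are assumptions made for illustration.

```powershell
# Added example (not from the article): enumerate the properties a CIM/WMI
# class exposes and report any whose name suggests encryption state.
# Find-EncryptionProperty is a hypothetical helper name.
function Find-EncryptionProperty {
    param(
        [Parameter(Mandatory)][string]$ClassName,
        [string]$Namespace = 'root/cimv2',
        [string]$Pattern   = 'crypt'          # constructed pattern: matches "Encrypted", "Encryption", ...
    )

    # Get-CimClass returns the class schema, including inherited properties.
    $class = Get-CimClass -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
    $names = @($class.CimClassProperties | ForEach-Object Name | Sort-Object)

    [pscustomobject]@{
        ClassName          = $ClassName
        PropertyCount      = $names.Count
        AllProperties      = $names
        MatchingProperties = @($names | Where-Object { $_ -match $Pattern })
    }
}

# 1. Schema check on the class the article points to.
$result = Find-EncryptionProperty -ClassName 'CIM_LogicalDevice'
$result.AllProperties
if ($result.MatchingProperties.Count -eq 0) {
    "No encryption-related property is defined on $($result.ClassName)."
} else {
    "Properties to review: $($result.MatchingProperties -join ', ')"
}

# 2. Same check on Win32_LogicalDisk, a subclass of CIM_LogicalDevice
#    (assumption: used here because it is the class that lists drive letters).
(Find-EncryptionProperty -ClassName 'Win32_LogicalDisk').MatchingProperties

# 3. What is actually reported for removable drives (DriveType 2 = removable disk).
Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' |
    Select-Object DeviceID, VolumeName, FileSystem, Size, PNPDeviceID
```

Run it in a PowerShell session on the endpoint with a USB storage device attached; the property list printed in step 1 is the set of attributes the article refers to.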