DLP monitoring of the Windows 10 CDPSvc service

book

Article ID: 221144

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention

Issue/Introduction

Symantec Data Loss Prevention (DLP) Endpoint Prevent
 
Does DLP monitor the Windows 10 CDPSvc (Connected Devices Platform Service)?
 

Environment

Release:  Any

Component: Endpoint Prevent

Resolution

We do not monitor the CDPSvc (Connected Devices Platform Service) service.

The CDPSvc authenticates devices/users and builds the connection.
But it is transport agnostic, whether BlueTooth, WiFi, or another transport method.

From https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cdp/f5a15c56-ac3a-48f9-8c51-07b2eadbe9b4 :

"This protocol provides a discovery system to authenticate and verify users and devices, as well as providing a message exchange between devices. It provides a transport-agnostic means of building connections among all of a user's devices, whether available through the cloud or through direct physical presence."