Block Bluetooth file transfer in Endpoint Protection
book
Article ID: 367078
calendar_today
Updated On:
Products
Endpoint SecurityEndpoint Security Complete
Issue/Introduction
How can I block Bluetooth file transfers in Symantec Endpoint Security
Resolution
In the Console go to the Policies page
In the 'Policy Type' section select 'Custom Application Behavior'
Select the Policy that applies to the desired computers or create a new policy
In the policy click the 'Add Rule Set' button in the middle on the right-hand side.
On the 'Add Rule Set' page, Enter a 'RULE SET NAME*' and optional 'DESCRIPTION'
Click the 'Add Rule' button on the right-hand side
On the 'Add Rule' page for 'Define Applications', Enter a 'RULE NAME*' and optional 'DESCRIPTION'
Click the 'Add Application' button on the right-hand side
On the 'Add Application' page, In the 'NAME APPLICATION TO MATCH*' field enter an Asterix (*)
In the 'Only match applications running from the following drive types' section, make sure that only 'Only match applications running on the following device id type' is selected
Enter the desired value. Example: BTH\MS_RFCOMM\*
Click 'Save Included Application'
Click 'Next'
On the 'Add Rule' page for 'Behaviors and Actions'
In the 'Behaviors and Actions' list make sure 'File and Folder Access Attempts' is selected
Click the 'Add Condition' button on the right-hand side
On the 'Add Condition : File and Folder Access Attempts' page, enter a 'NAME*' and optional 'DESCRIPTION'
Make sure the 'Enable this condition' checkbox is selected
Click the 'Add Files and Folders' button on the right-hand side
On the 'Add File and Folder Define' page, In the 'File or Folder Name to Match*' field enter an asterix (*)
In the 'Only match files running from the following drive types' section select 'Only match applications running on the following device id type' and enter the desired value. Example: BTH\MS_RFCOMM\*
Click 'Save file or Folder Definition'
Click 'Next'
On the 'Edit Condition : File and Folder Access Attempts' page, select the desired action. Example: 'Block Access' for both.