Setup Bluetooth device monitoring in DLP

Article ID: 162661

Products

Data Loss Prevention Endpoint Prevent; Data Loss Prevention

Issue/Introduction

How to set up Application Monitoring to monitor file access via Bluetooth devices.

Environment

Data Loss Prevention (DLP) Endpoint Prevent

Resolution

In DLP version 15.1 and above, the fsquirt.exe application is enabled for Application Monitoring by default, under the application name "Microsoft Windows Bluetooth" in the Application list. The method described below does not need to be followed in DLP 15.1 or higher; it can, however, be used to double-check that configuration, or as an example of how to configure other applications for monitoring.

This method does not monitor the Bluetooth transfer itself; instead it allows the Agent to perform detection on any file that fsquirt.exe opens. The fsquirt executable is responsible for Bluetooth file transfers on Windows. Because detection happens when the file is opened, the transfer can be blocked by the standard Endpoint Prevent: Block response rule.

Gathering device information:

1. Copy the tool "GetAppInfo.exe" from the Agent Tools folder to any Windows client machine. The Agent Tools are by default included in the Agent package downloaded from the Support Portal.

2. Run "GetAppInfo.exe", click "Browse", point it to the path "C:\Windows\System32\fsquirt.exe" and click "Get Info".

3. The result should look similar to the output below. Details may differ depending on the version or update level of the OS.

Comments: 
InternalName: fsquirt.exe
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 10.0.19041.1
FileDescription: 
LegalTrademarks: 
PrivateBuild: 
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
OriginalFilename: fsquirt.exe
SpecialBuild: 
PublisherName: Microsoft Windows (UNVERIFIED)

4. Save this information in Notepad.

5. Navigate to the DLP Enforce Console, System -> Agent -> Global Application Monitoring.

6. Click on Add Application, select the platform (Windows in this example), and fill in the information under Application Information as shown below.

Name (Required)   = Bluetooth

Binary Name       = fsquirt\.exe

Internal Name     = fsquirt\.exe

Original Filename = fsquirt\.exe

7. In the Application Monitoring Configuration, leave the default options enabled and make sure "Application File Access" is enabled with the "Open" option selected. The end result should look as presented on the screenshot below.

8. Save the changes.

9. Now go to System -> Agent -> Agent Configuration and select the Agent Configuration you already created.

10. Under Enable Monitoring, Configured Applications, check "Application File Access".

11. Save the configuration.

12. Apply/update this configuration. This is done by navigating to System -> Agents -> Agent Groups, selecting the Agent Groups to which the modified Agent Configuration is assigned, and using the "Update Configuration" button. Notice the exclamation mark next to the Agent Configuration name: it indicates that the configuration was changed in the Enforce Console but not yet deployed to the agents.

13. Now you are ready to test the Bluetooth file transfer. By default, Endpoint Agents synchronize every 15 minutes to pull any Agent Configuration and/or Global Application Monitoring changes, so it is advised to wait at least 15 minutes before proceeding with any tests.
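The script below is an added example and is not part of this article or of the DLP product; it reproduces on the endpoint what steps 1 to 6 do by hand. It reads the same version fields that GetAppInfo.exe prints for fsquirt.exe, and then checks that the values entered under Global Application Monitoring (which, as the escaped dot in "fsquirt\.exe" indicates, are treated as regular expressions) actually match the binary's Internal Name and Original Filename. It assumes a Windows endpoint with fsquirt.exe in the default System32 location; the $expected table holds the article's own values.

```powershell
# Added example (not from the KB article or Broadcom): collect the version fields that
# GetAppInfo.exe reports for fsquirt.exe and verify the Global Application Monitoring
# patterns from step 6 against them before deploying the configuration.
# Assumption: fsquirt.exe lives in %SystemRoot%\System32 (the path used in step 2).

$binary = Join-Path $env:SystemRoot 'System32\fsquirt.exe'

if (-not (Test-Path $binary)) {
    throw "fsquirt.exe not found at $binary"
}

# Values as entered in the Enforce Console in step 6. They are regular expressions,
# hence the escaped dot; an unescaped dot would also match e.g. "fsquirtXexe".
$expected = @{
    BinaryName       = 'fsquirt\.exe'
    InternalName     = 'fsquirt\.exe'
    OriginalFilename = 'fsquirt\.exe'
}

$vi = (Get-Item $binary).VersionInfo

# Same fields GetAppInfo.exe prints in step 3, so both outputs can be compared line by line.
[pscustomobject]@{
    InternalName     = $vi.InternalName
    ProductName      = $vi.ProductName
    CompanyName      = $vi.CompanyName
    LegalCopyright   = $vi.LegalCopyright
    ProductVersion   = $vi.ProductVersion
    FileVersion      = $vi.FileVersion
    OriginalFilename = $vi.OriginalFilename
} | Format-List

# What each monitoring field is matched against on the agent side.
$actual = @{
    BinaryName       = (Split-Path $binary -Leaf)
    InternalName     = $vi.InternalName
    OriginalFilename = $vi.OriginalFilename
}

# Anchor the pattern so a typo such as "fsquirt\.ex" is reported, not silently accepted.
foreach ($field in $expected.Keys) {
    $pattern = '^' + $expected[$field] + '$'
    $value   = $actual[$field]
    if ($value -imatch $pattern) {
        "OK       $field : '$value' matches /$pattern/"
    } else {
        "MISMATCH $field : '$value' does not match /$pattern/"
    }
}

# GetAppInfo reports the publisher as UNVERIFIED; an Authenticode check confirms the
# binary whose version fields you are copying is genuinely Microsoft-signed.
$sig = Get-AuthenticodeSignature $binary
"Signature: $($sig.Status) by $($sig.SignerCertificate.Subject)"
```

Run it in a PowerShell session on the endpoint; any MISMATCH line means the application entry in the Enforce Console would not match fsquirt.exe and the "Application File Access" rule would never fire for it. The same check, with the path and patterns swapped, applies when configuring other applications for monitoring.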

Note 2: On macOS systems the process to monitor for Bluetooth is called "blued" (see https://en.wikipedia.org/wiki/Blued_(macOS)). As of 15.8 this is NOT added by default and must be added manually. See the documentation under "Adding a macOS application" and ensure that Application File Access (AFA) monitoring is selected for this application.

Additional Information

Reference:

Article ID 163800: How to enable monitoring for USB Bluetooth adapters

In one instance, even after all of the above had been configured, Bluetooth transfers were still not being blocked. A new Agent Configuration was created that matched the previous one; once it was applied to the endpoints, the Bluetooth transfers were blocked.