Removable Storage

CPM monitors data transmissions to or within removable storage devices. Activities related to data transmission include:

  • Creation of a file within the device

  • Copying of a file from the host machine to the device

  • Closing of a modified file within the device

  • Modifying of file information (such as the file’s extension) within the device

When a file to be transmitted contains a data identifier, CPM either blocks or allows the transmission.

Note: The Device Control action has a higher priority than the DLP action. For example, if Device Control does not allow copying of files to a removable storage device, transmission of sensitive information does not proceed even if DLP allows it. For details on Device Control actions, see Permissions for Storage Devices.

For a list of supported removable storage devices and applications that facilitate data transmission activities, see:

http://docs.trendmicro.com/en-us/enterprise/data-protection-reference-documents.aspx

The handling of file transmission to a removable storage device is a straightforward process. For example, a user who creates a file in Microsoft Word may want to save the file to an SD card (it does not matter which file type the user saves the file as). If the file contains a data identifier that should not be transmitted, CPM prevents the file from being saved.

For file transmission within the device, CPM first backs up the file (if its size is 75 MB or less) to %WINDIR%\system32\dgagent\temp before processing it. If CPM allows the transmission, it removes the backup file. If CPM blocks the transmission, the file may have been deleted in the process; in that case, CPM copies the backup file to the folder containing the original file.
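Because the backup folder temporarily holds copies of the files being inspected, an administrator may want to check that copies do not linger there and that the folder is not open to broad groups. The following PowerShell is an added example, not part of the CPM documentation or product; the function name, the 60-minute staleness threshold and the list of "broad" principals are assumptions chosen for illustration.

```powershell
# Added example: audit the CPM backup folder named in the paragraph above.
# Assumptions (not from the product documentation): the function name, the
# 60-minute staleness threshold and the set of broad principals checked.
function Test-CpmBackupFolder {
    param(
        [string]$Path = (Join-Path $env:WINDIR 'system32\dgagent\temp'),
        [int]$StaleMinutes = 60
    )

    # Well-known SIDs, used instead of names so the check works on localized Windows.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Output "Backup folder not found: $Path"
    }
    else {
        # 1. Backup copies older than the threshold, which suggests they were
        #    neither removed after an allowed transfer nor restored after a block.
        $cutoff = (Get-Date).AddMinutes(-$StaleMinutes)
        $stale  = Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -lt $cutoff }
        foreach ($file in $stale) {
            Write-Output ("Stale backup: {0} ({1} bytes, {2})" -f $file.FullName, $file.Length, $file.LastWriteTime)
        }
        Write-Output ("Stale backup files: {0}" -f @($stale).Count)

        # 2. Allow ACEs (explicit and inherited) that grant broad groups access.
        $acl   = Get-Acl -LiteralPath $Path
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
                Write-Output ("Broad access: {0} -> {1}" -f $broadSids[$sid], $rule.FileSystemRights)
            }
        }
    }
}

Test-CpmBackupFolder
```

In a 32-bit PowerShell session on 64-bit Windows, file-system redirection maps system32 to SysWOW64, so run the check from a session that sees the same folder as the agent.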

CPM allows you to define non-monitored devices. CPM always allows data transmissions to or within these devices. Identify devices by their vendors and optionally provide the device models and serial IDs.