Supported removable media
- Removable media - You can monitor or prevent sensitive data from being transferred to removable media like thumb drives and external hard drives.
If desired, you can configure Windows endpoint policies to encrypt files being transferred to removable media. Encryption is not supported on Mac endpoint machines.
Note: Forcepoint DLP endpoint only supports flash based removable media devices on Windows endpoints. It does not support SCSI over USB or similar.Forcepoint DLP Endpoint provides two methods to encrypt sensitive data that is being copied to removable media devices. You can:- Encrypt with profile key: Windows only. Encrypt with a password deployed in the endpoint profile. This option is for users on authorized machines—ones with Forcepoint DLP
Endpoint installed—when they try to decrypt files.
Select Encrypt with profile key when configuring your action plans for endpoint removable media. The action defaults to permitted on Mac endpoint machines regardless of your action plan setting.
- Encrypt with user password: Windows only. Encrypt with a password supplied by the Forcepoint DLP Endpoint user. This option is for users decrypting files from machines without Forcepoint DLP Endpoint installed. Select Encrypt with user password when configuring your action plans for endpoint removable media. The action defaults to permitted on Mac endpoint machines regardless of your action plan setting.
See Configuring encryption for removable media in the Forcepoint DLP Administrator Help for more information.
Forcepoint DLP Endpoint supports block and permit actions on file transfers to Windows Portable Devices (WPD), but does not support the encryption of data transferred to a WPD from a Windows endpoint machine.
- Encrypt with profile key: Windows only. Encrypt with a password deployed in the endpoint profile. This option is for users on authorized machines—ones with Forcepoint DLP
Endpoint installed—when they try to decrypt files.
- CD/DVD writers - Forcepoint DLP monitors unencrypted data being copied to native Windows and Mac CD/DVD burner applications. It monitors non-native Windows CD/DVD burner applications as
well, but only blocks or permits operations without performing content classification.
Non-native CD/DVD blocking applies to CD, DVD, and Blu-ray read-write devices on Windows 8, Windows Server 2012, and Windows Server 2016 endpoint machines.
- Mobile devices - On Windows 10 (Creators Update, version 1703 and later), Forcepoint DLP can monitor unencrypted data being copied to mobile devices through the WPD protocol. This
allows you to use application file access monitoring on software clients like Apple iTunes and Samsung Kies when needed.
Forcepoint DLP Endpoint does not support the encryption of data transferred to a WPD from a Windows endpoint machine.