Data Loss Prevention

Hey all,

I've been poking around the forums looking for a solution and there are no obvious answers. The native Bluetooth application on Windows is called fsquirt.exe and is added in the Application Monitoring section of our DLP instance but we aren't getting any transfers. After some more investigating it's been mentioned that MTP (WudfHost.exe) is what does the actual transfers so I added that to the application monitoring and I am not getting results..

Our goal is to create a policy that will prompt a notification if someone transfers a document that meets certain requirements but we aren't getting any visual of bluetooth traffic. 

Thanks,

Drew

Hi Drew,

Please follow the below link and mark as solution if problem get resolved.

https://support.symantec.com/en_US/article.TECH236093.html

Regards

Amit

Hi Amit,

The solution shared relates to a 3rd party bluetooth app but I am talking about the built to bluetooth one, which seems to already be configured in DLP but isn't giving us expected results.

Thanks

Drew,

you my need to make sure all of the check boxes are checked for that applicaiton. (Open Access file etc)

Also make sure that you have the escape character when defining the "." in fsquirt.exe. fsquirt\.exe

Look at other applications to see how to set it up properly.

Also run the fsquirt.exe from command line and do the trnafer that way to make sure that it really using the builtin Bluetooth transfer executbale.

Last option is to see if there is ANOTHER executable that starts when you actually transfer the file.

Good Luck,

Ronak

PLEASE MARKED SOLVED WHEN POSSIBLE