Device Control behaviour with Sophos Anti-Virus for Mac

  • Article ID: 119742
  • Rating:
  • 2 customers rated this article 5.0 out of 6
  • Updated: 06 Mar 2014

This article details the behaviour of the Device Control feature within Sophos Anti-Virus for Mac as well as showing the differences when compared to the Device Control feature for Sophos Anti-Virus for Windows.

Note: The Device Control feature within Sophos Anti-Virus for Mac is only available with Sophos Anti-Virus version 9.1.3 and above. Therefore on-premise customers can expect it to be available from April onwards.

Applies to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Mac OS X

 

Device Control

Storage

This table identifies the storage types and policy options supported by Device Control in Sophos Anti-Virus for Windows, and Sophos Anti-Virus for Mac OS X.

Device Type Policy Options Platform

Windows Mac OS X
Storage:
Floppy Drive Blocked/Full access/Read only 

Optical Drive Blocked/Full access/Read only
Removable Storage Blocked/Full access/Read only
Secure Removable Storage Blocked/Full access

Removable Storage (Mac OS X)

Removable storage devices on Mac OS X include, but are not limited to, the following:

  • USB Keys / Sticks
  • Smartphones (that register as Mass Storage Devices
  • FireWare Hard Drives
  • Thunderbolt Hard Drives
  • USB Hard Drives
  • USB Optical Drives
  • USB Floppy Drives

Secure Removable Storage

If the policy for Secure Removable Storage has been modified whilst Secure Removable Storage devices are attached to systems these devices will have to be removed from the system and then re-attached.
Modifications include changing from Deny to Allow, Allow to Deny, or adding or removing an exemption.

For example, if the policy denies access to Secure Removable Storage and a Secure Removable Storage device is attached to the system it will be blocked.
The policy is then modified to allow access to Secure Removable Storage.  The device will remain blocked until it is removed and then re-attached.

Internal Optical Drive (Mac OS X)

The policy for Optical Drives covers both the physical drive as well as the optical media within it. 
The following media is supported: CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-R, and DVD-RW.

The Optical Drive policy is evaluated at the point at which the filesystem attempts to mount the media.
On Mac OS X this will result in access to the optical media being denied as well as the Optical Drive ejecting the media.

Read-Only Policy

Optical media that has been 'sealed' as read-only can be accessed when the policy allows read-only access to Optical Drives.
CD-R, CD-RW, DVD-R, and DVD-RW media that is still writable and not sealed will be blocked.

If a disc is being burned when the Device Control policy on the endpoint changes to only allow read-only access the current burning sessions will complete, and then the policy will be actioned.

Block Policy

If a disc is being burned when the Device Control policy on the endpoint changes to block access the current burning sessions will complete, and then the policy will be actioned.

 

Network 

 

Device Type Policy Options Platform

Windows Mac OS X
Network:
Modem Block bridged/Blocked/Full access
Wireless Block bridged/Blocked/Full access

Wireless (Mac OS X)

The wireless device control policy on Mac OS X will only affect Airport devices.
Other wireless devices that are connected via USB or other connector that do not appear as an 'Airport' device in the Operating System are not covered.
This may include, but not be limited to, USB Modems (3G Dongles), Bluetooth Modems, and Smartphone tethering.

Wireless : Block Bridged (Mac OS X)

This policy option will restrict the OS X system to having either an active wireless link, or any Ethernet link.

 

Short Range

 

Device Type Policy Options Platform

Windows Mac OS X
Short Range:
Bluetooth Blocked/Full access
Infrared Blocked/Full access

 

Mobile / Media Transfer Protocol (MTP)

 

Device Type Policy Options Platform

Windows Mac OS X
Mobile:
iOS
Android  
Windows Phone (7/8)  
Blackberry  

Note (Mac OS X)

Mobile devices that are blocked will not receive power via the USB (or other connector) port.

 

Device Control and Virtual Machines

Mac OS X 

Virtual Box

If Sophos Anti-Virus is installed on the host system all devices attached to it, and passed through to the VM, will be covered by Device Control.

VMware Fusion and Parallels

If Sophos Anti-Virus is installed on the host system only devices passed to the host will be covered by Device Control.
If, when prompted, the user selects to pass the device to the VM Device Control on the host is unable to interact with the device.

It is recommended that in this situation that Sophos Anti-Virus is installed on the VM and that Device Control is enabled.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments