When you copy confidential data into a TrueCrypt container using Windows Explorer, the DLP agent identifies it as Removable Storage.
When you copy confidential data into a TrueCrypt container using Command Prompt, the DLP agent identifies it as Local Drive.
The DLP agent works as designed. The DLP agent identifies the TrueCrypt container (Virtual Drive) as Removable Storage. This is expected behavior: the TrueCrypt Virtual Drive is essentially a file that can be disconnected and moved elsewhere, such as to USB, which is why file-based virtual drives are always treated as removable media.
The TrueCrypt application can mount the encrypted volume in different ways:
We have an enhancement request (PM-2076) to add the following functionality to the DLP agent:
- If the user mounts the TrueCrypt encrypted volume as Removable Medium, the DLP agent will identify the VHD as Removable Storage.
- If the user mounts the TrueCrypt encrypted volume as Fixed Drive, the DLP agent will identify the VHD as Fixed Drive.
Imported Document ID: TECH219963