KB Article | Forcepoint Support

Notes & Warnings

Note To watch a video detailing the steps described in this article for Windows machines, see the following article:
Video: Monitoring Bluetooth Transfers Using the Forcepoint DLP Endpoint

Prior to macOS Catalina (10.5.x), native Bluetooth file transfers was not possible and required the use of a third-party application. In this case, include File Access monitoring for the application handling the transfer. For handling Bluetooth transfers built into the Finder, refer to the contents of this article.

Problem Description

How do I monitor data transmitted through Bluetooth file transfers from a machine using the Forcepoint DLP Endpoint?

Resolution

In general, if the goal is to outright block the usage of Bluetooth on end-user machines, consider utilizing GPO to perform this action.

Otherwise, consider adding fsquirt.exe and BTStackServer.exe (for Windows) or bluetoothd/blued (for Mac) as Endpoint Applications in order to include within DLP policies:
  1. Open the Forcepoint Security Manager and access the Data tab
  2. Navigate to Policy Management > Resources > Endpoint Applications
  3. Click New, then click Application
  4. Create the following two Endpoint Applications:
    • Name: Bluetooth
    • Initiated by: fsquirt.exe
    • Name: Bluetooth2
    • Initiated by: BTStackServer.exe
  5. (Optional) For Mac environments, create additional Endpoint Applications as follows:
    • Name: bluetoothd
    • Initiated by: bluetoothd
    • Name: blued
    • Initiated by: blued
  6. Navigate to Policy Management > Resources > Endpoint Application Groups
  7. Click New, then click Application Group
    • Name: Bluetooth
    • Members: Bluetooth, Bluetooth2 (and bluetoothd/blued if needed)
    • Enable monitoring over the File Access channel only
  8. Click OK
  9. Navigate to the Destination tab of the DLP rule you have configured
  10. Edit the Endpoint Applications to consider
  11. Add the Bluetooth Application Group to the Include group
  12. Save changes to the rule
  13. Deploy changes to the environment



Keywords: DLP Data Security Manager; Bluetooth; monitor bluetooth; bluetooth monitoring; endpoint; endpoint application; endpoint application group; application group; DLP Policy Help; File Transfer DLP Policy; Blue Tooth; BTStackServer; FSquirt; Transaction DLP; Mac Windows Endpoint;

Article Feedback



Thank you for the feedback and comments.