Configuring DLP Policies for Monitoring Bluetooth Transactions
- Article Number: 000017552
- Products: Forcepoint DLP, Forcepoint DLP Endpoint, Forcepoint One Endpoint
- Version: 8.7, 8.6, 8.5, 8.4, 8.3, 8.2, 20, 19, 18
- Last Published Date: November 16, 2020
Notes & Warnings
Note To watch a video detailing the steps described in this article for Windows machines, see the following article:
Video: Monitoring Bluetooth Transfers Using the Forcepoint DLP Endpoint
Prior to macOS Catalina (10.5.x), native Bluetooth file transfers was not possible and required the use of a third-party application. In this case, include File Access monitoring for the application handling the transfer. For handling Bluetooth transfers built into the Finder, refer to the contents of this article.
How do I monitor data transmitted through Bluetooth file transfers from a machine using the Forcepoint DLP Endpoint?
In general, if the goal is to outright block the usage of Bluetooth on end-user machines, consider utilizing GPO to perform this action.
Otherwise, consider adding fsquirt.exe and BTStackServer.exe (for Windows) or bluetoothd/blued (for Mac) as Endpoint Applications in order to include within DLP policies:
Keywords: DLP Data Security Manager; Bluetooth; monitor bluetooth; bluetooth monitoring; endpoint; endpoint application; endpoint application group; application group; DLP Policy Help; File Transfer DLP Policy; Blue Tooth; BTStackServer; FSquirt; Transaction DLP; Mac Windows Endpoint;