We use USB Defender to ensure that employees working in HIPAA areas aren't able to leave with customer information. Normally it works great. We've white listed all the scanners, printers, and USB devices that are normal to use so we normally don't get any alerts. For some reason, sporadically we'll get a USB Defender alert for an attached then detached Apple iPhone. It's always with the same user, and always shows the detection time 30 days prior to the alert. We've verified the employee doesn't have an iPhone, and her phone is left in the lockers outside of the HIPAA area during her shift. Does anyone know why this very specific false positive pops up every 2-4 weeks? Anytime we test USB defender it automatically alerts us, and we know it's working. Why does this alert show a detection time 30 days ago, but the alert only pops up 30 days late? Is there anyway other than white listing iPhones to prevent this false positive? Obviously we can't white list iPhones.
↧