Description

Disregarding DeviceLock policy restrictions on 'iPhone' device type, any data can be written to iOS devices either through Apple iTunes application, or any other third-party tool. Audit or shadow logs are not generated for file operations/synchronization with iPhone devices.

Comments

This issue may indicate that instead of the standard Apple driver (USBAPPL.SYS) for Apple devices, Operating System uses another driver which does not provide the possibility for granular control of Apple iOS devices.

Recommendations

1. Upgrade to DeviceLock version 8.3.75986, or higher to control Apple devices in binary mode, which means that: iOS devices will be either completely denied, if at least one operation is restricted in DeviceLock policy for iPhone device type, or completely allowed if DeviceLock policy does not carry any restrictions for iPhone device type.

2. To allow granular control for Apple iOS devices to work, the appropriate Apple driver must be installed in the system:

- run Windows Device Manager snap-in (devmgmt.msc)

- locate Apple Mobile Device USB Composite device in the list-> right click on it-> select Properties... from the context menu-> open Drivers tab-> click Update Driver button and choose to install the driver manually from this location: %ProgramFiles%\Common Files\Apple\Mobile Device Support\Drivers

- reboot computer for the changes to take effect