Block copy and execution of specific files from a USB device.

Article:TECH94989  |  Created: 2009-01-12  |  Updated: 2009-01-03  |  Article URL http://www.symantec.com/docs/TECH94989
Article Type
Technical Solution

Issue



The customer wants to run .XML files from an allowed USB (Kingston) device but wants to block every other file that is stored on that USB (Kingston) device. He also wants to prevent the user from copying anything from that USB device to the local computer and vice versa.


Solution



Step 1:

First use DevViewer.exe to get the device ID for that USB device.
Then add that device ID to the hardware devices list as follows:

In Policies, click the up arrow next to Policy components -- select Hardware devices -- Add a Hardware device.

Type in the device name, select Device id, and paste the device ID there.





Step 2:

Now, under Policies, open Application and device control and add a new application and device control policy, or edit the existing policy.

Select Device control and, under Block Devices, add USB (as we need to block all USB devices except the one the user needs to be allowed to use).

Under Devices Excluded from Blocking, add the USB device (Kingston) and other USB devices as well,
e.g. CD Drives / Biometric / Disk Drives / Human Interface Devices / Tape Drives.




Step 3:

Now select Application Control and add a new rule.




Step 5:

Name it “Block Writing From USB Drive”.
At the bottom, click Add Rule and select “File and Folder Access Attempts”.



Step 6:

Under the main rule for “Block Writing from USB Drive”, the process name to match should be an asterisk (*).
The options under “Only match process running from the following drive types” should be unchecked.




Step 7:

In the rule for “File and Folder Access Attempt”, find “Apply to the following Files and Folders”.
Click Add there and type in *.*

Under “Only match process running from the following drive types”, select Removable drive (floppy drives, USB drives, etc.).



Step 7:

In the rule for “File and Folder Access Attempt”, find “Do not apply to the following Files and Folders”.
Click Add there and type in *.XML.

The options under “Only match process running from the following drive types” should be unchecked.



Step 8:

In the rule for “File and Folder Access Attempt”, click the Action tab. Under Read Attempt, select Block Access. Under Create, Delete, or Write Attempt, select Block Access.



Click OK three times and assign the policy to the specific group.

Step 9:

Reboot the machine if prompted.

Check that the policy is implemented on the client side. Try accessing the USB device; you will get a pop-up from Symantec stating that files were blocked.
You will be able to access the .XML files and will be able to copy and paste only .XML files, but no other files.
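
The client-side check described above can be scripted. The following PowerShell is an added example, not Symantec code; it assumes the allowed USB stick holds at least one .xml file and one non-.xml file, and the sep_probe file names are constructed for the test.

```powershell
# Added verification sketch, not Symantec code. Run on a client that has the policy.
# Assumption: the allowed USB stick holds at least one .xml and one non-.xml file.
function Test-Read([string]$Path) {
    try { $s = [System.IO.File]::OpenRead($Path); $s.Dispose(); $true }
    catch { $false }
}

function Test-Write([string]$Path) {
    try {
        [System.IO.File]::WriteAllText($Path, 'probe')
        Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
        $true
    } catch { $false }
}

function New-Result($Drive, $Check, $Expected, $Actual) {
    [pscustomobject]@{
        Drive = $Drive; Check = $Check; Expected = $Expected
        Actual = $Actual; Pass = ($Expected -eq $Actual)
    }
}

# DriveType 2 = removable disk, the drive type selected in the rule above.
$disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
$results = foreach ($disk in $disks) {
    $root  = "$($disk.DeviceID)\"
    $files = Get-ChildItem -LiteralPath $root -File -Recurse -ErrorAction SilentlyContinue
    $xml   = $files | Where-Object { $_.Extension -eq '.xml' } | Select-Object -First 1
    $other = $files | Where-Object { $_.Extension -ne '.xml' } | Select-Object -First 1

    # Reads: .xml is excluded from the rule, everything else should be blocked.
    if ($xml)   { New-Result $root "read $($xml.Name)"   $true  (Test-Read $xml.FullName) }
    if ($other) { New-Result $root "read $($other.Name)" $false (Test-Read $other.FullName) }

    # Writes: probe files are removed again if the write got through.
    New-Result $root 'write sep_probe.xml' $true  (Test-Write (Join-Path $root 'sep_probe.xml'))
    New-Result $root 'write sep_probe.txt' $false (Test-Write (Join-Path $root 'sep_probe.txt'))
}

if (-not $results) { Write-Warning 'No removable drive found, or no results produced.' }
$results | Format-Table -AutoSize
```

Any row with Pass = False shows an access the policy is not handling as configured. A USB device that is blocked by Device Control will not appear as a removable drive at all.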





Legacy ID



2009071308320848

