Application and Device Control
Updated: 22 May 2010 | 4 comments
Does anyone know if it's possible to create an Application & Device Rule that can log writing of files to removable media?
I've created a rule called Writing to Removable Media. I've applied all processes to this rule. I have then created a File and Folder Access Attempts condition, again using the * wildcard to show all files and folders, and only to match files on the following drive types: CD/DVD, RAM, Removable drive.
I've told it to not apply to local or network drives.
Actions for Read & Create, Delete or Write attempts are to Continue processing other rules and Enable logging: Severity -- Critical -- 0
Would this be correct? Also, where would I be able to check the logs to see what was copied?
Comments
To be able to log the actions on the CD/DVD
SEPM
Clients > Application Control
There is already a rule set to block USB drives.
You can create a new rule or just modify that.
Then you can add processes, you can have the option which drive this rule will be allowed, and assign the action.
So, to answer your questions:
Yes, it is correct. And to check the logs:
Go to Monitors > Logs > Select the log type.
“Your most unhappy customers are your greatest source of learning.”
I know that CD writers could not be blocked since no feature is yet made...
but the burner is an app that could be blocked..
get MD5 of all possible burner apps... if we can...
As far as I recall, some CD burners have installers that include plugins for MS Windows that allow the user to burn on the spot, as if he were just copying files from rewritable media. You just have to click an extra icon to commit the changes.
“Your most unhappy customers are your greatest source of learning.”
Let me know what SEP version you are using.
In the new SEP MR4 version these options are already created, like:
1) Log files writing to removable drives.
2) Disable autorun.inf from removable drives.
3) Make Removable drives read-only.
You need to just enable the policy.