Video Screencast Help

Automatically quarantine files (with specific extension) on USB sticks

Created: 10 Sep 2013 • Updated: 24 Feb 2014 | 8 comments
Roog's picture
This issue has been solved. See solution.

Hi,

I was asked if it is possible to automatically quarantine .doc files on USB sticks.

So in other words when someone inserts a USB stick and this USB stick contains files with the extensions .doc then the SEP12.1 RU1 client should automatically move these files to the quarantine folder.

I know how to block USB sticks (on device id) and how to configure an exception policy based on file extensions but not if this can be "combined".

Is this possible and if yes how can this be accomplished within the Symantec Management Console 12.1 RU1?

 

Kind regards,

Rogier

 

 

Operating Systems:

Comments 8 CommentsJump to latest comment

Rafeeq's picture

Not Possible with SEP

You should be looking at Symantec DLP for these kind of requirements.

.Brian's picture

This is not possible.

If a detection is made, it can take whatever action you set but this cannot be done automatically.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

You cannot move any file to quarantine which are not malicious.

However, in your case you may be interested in these articles:

How to use Application and Device Control to limit the spread of a threat 

http://www.symantec.com/docs/TECH93451

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

http://www.symantec.com/docs/TECH97618

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Roog's picture

Hi,

Thank you all for the quick response.

So moving these files automatically to the quarantine folder is not possible but what about blocking files with .doc extension on USB sticks?

We don't want to block the whole USB stick only particular files/ file extensions whether or not malicious.

kind regards,

 

Rogier

 

.Brian's picture

You cannot auto move to quarantine.

Yes, you can block .doc ext on USB sticks using the application and deivce control component.

See here:

How to prevent programs from running by blocking the file extension types from removable drives.

Article:TECH92172  |  Created: 2009-01-03  |  Updated: 2009-01-23  |  Article URL http://www.symantec.com/docs/TECH92172

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Check these Threads with similar query - 

https://www-secure.symantec.com/connect/forums/blocking-specific-executables-sep

https://www-secure.symantec.com/connect/forums/can-u-block-specific-content-usb-through-sep

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Yes, you cann't auto move to quarantine however can block the specific extension 

http://www.symantec.com/docs/TECH92172

Helpful Article: Configuring Application and Device Control 

http://www.symantec.com/docs/TECH102525

 

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

.Brian's picture

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION