Endpoint Protection

 View Only

  • 1.  Automatically quarantine files (with specific extension) on USB sticks

    Posted Sep 10, 2013 11:29 AM

    Hi,

    I was asked if it is possible to automatically quarantine .doc files on USB sticks.

    So in other words when someone inserts a USB stick and this USB stick contains files with the extensions .doc then the SEP12.1 RU1 client should automatically move these files to the quarantine folder.

    I know how to block USB sticks (on device id) and how to configure an exception policy based on file extensions but not if this can be "combined".

    Is this possible and if yes how can this be accomplished within the Symantec Management Console 12.1 RU1?

     

    Kind regards,

    Rogier

     

     



  • 2.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Posted Sep 10, 2013 11:34 AM

    This is not possible.

    If a detection is made, it can take whatever action you set but this cannot be done automatically.



  • 3.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Trusted Advisor
    Posted Sep 10, 2013 11:34 AM

    Hello,

    You cannot move any file to quarantine which are not malicious.

    However, in your case you may be interested in these articles:

    How to use Application and Device Control to limit the spread of a threat 

    http://www.symantec.com/docs/TECH93451

    How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

    http://www.symantec.com/docs/TECH97618

    Hope that helps!!

     



  • 4.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Posted Sep 10, 2013 11:35 AM

    Not Possible with SEP

    You should be looking at Symantec DLP for these kind of requirements.



  • 5.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Posted Sep 10, 2013 11:52 AM

    Hi,

    Thank you all for the quick response.

    So moving these files automatically to the quarantine folder is not possible but what about blocking files with .doc extension on USB sticks?

    We don't want to block the whole USB stick only particular files/ file extensions whether or not malicious.

    kind regards,

     

    Rogier

     



  • 6.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Posted Sep 10, 2013 11:58 AM

    You cannot auto move to quarantine.

    Yes, you can block .doc ext on USB sticks using the application and deivce control component.

    See here:

    How to prevent programs from running by blocking the file extension types from removable drives.

    Article:TECH92172  |  Created: 2009-01-03  |  Updated: 2009-01-23  |  Article URL http://www.symantec.com/docs/TECH92172

     



  • 7.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Trusted Advisor


  • 8.  RE: Automatically quarantine files (with specific extension) on USB sticks

    Broadcom Employee
    Posted Sep 10, 2013 03:32 PM

    Hi,

    Thank you for posting in Symantec community.

    Yes, you cann't auto move to quarantine however can block the specific extension 

    http://www.symantec.com/docs/TECH92172

    Helpful Article: Configuring Application and Device Control 

    http://www.symantec.com/docs/TECH102525

     

     



  • 9.  RE: Automatically quarantine files (with specific extension) on USB sticks
    Best Answer

    Posted Feb 24, 2014 09:39 AM

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

    Thanks and take care,
    Brian