Endpoint Protection

  • 1.  Block DVD/CD Burning

    Posted Jul 21, 2009 10:19 PM
    I want to know what the status is on blocking CD/DVD burning in SEP V11 MR4 MP4. I searched this forum. It seems it still cannot block CD/DVD burning with Application Control - Make all removable drives read-only. So what on earth can this block? USB drives or floppy drives? Can it block burner software like Nero burning software from burning data?

    My office wants to block CD/DVD burners from burning data for all users. I tested the Application Control policy - Make all RD read only. It did not work. I can still burn a data CD with Nero. Any ideas?

    Thanks.


  • 2.  RE: Block DVD/CD Burning

    Posted Jul 21, 2009 11:18 PM
    Try this:

    Since CD/DVD writing uses an unconventional read/write operation, Symantec Endpoint Protection cannot block it directly.

    To work around this problem, create both of the following policies:

    1. Create an Application and Device Control policy that blocks the specific applications that write to CD or DVD drives.
    2. Create a Host Integrity policy that sets the following Windows registry key to block write attempts to CD or DVD drives:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

    DWORD NoCDBurning

    Decimal Value: 1


    This is from the guide here: http://service1.symantec.com/support/ent-security.nsf/docid/2008042510214848

    Also, from what I understand, blocking CD burning directly is an enhancement that is currently being investigated. You might want to suggest it in our Ideas section too, just to make sure that Symantec knows there are plenty of people out there who want to be able to do this : )

    Cheers
    Grant-
    *edit* I forgot to mention before that if the registry key located above doesn't exist, create it and then apply the policy to the newly created registry entry.
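
The registry setting from the post above can be audited per machine before or after the Host Integrity policy is rolled out. This is an added example, not part of the original post or of any Symantec tooling; the function name `Test-NoCDBurning` is hypothetical, while the key path, value name and data are the ones quoted in the post.

```powershell
# Added example: audit (and optionally set) the Explorer policy value quoted in the post.
# Test-NoCDBurning is a hypothetical name; path, value name and data come from the post.
function Test-NoCDBurning {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        [switch]$Remediate
    )
    $name  = 'NoCDBurning'
    $state = 'Compliant'

    if (-not (Test-Path -LiteralPath $Path)) {
        $state = 'KeyMissing'                      # the case covered by the *edit* note
    }
    else {
        $key = Get-Item -LiteralPath $Path         # Microsoft.Win32.RegistryKey
        if ($key.GetValueNames() -notcontains $name) {
            $state = 'ValueMissing'
        }
        elseif ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $state = 'WrongType'                   # e.g. created as a string by mistake
        }
        elseif ($key.GetValue($name) -ne 1) {
            $state = 'WrongData'
        }
    }

    if ($state -ne 'Compliant' -and $Remediate) {
        # Writing under HKLM requires an elevated session.
        if ($state -eq 'KeyMissing') { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $state = 'Remediated'
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Value    = $name
        State    = $state
    }
}

Test-NoCDBurning                # report only
# Test-NoCDBurning -Remediate   # create or correct the value
```

The value only affects the burning feature built into Windows Explorer, which is why the post pairs it with an Application and Device Control policy for third-party burning software.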



  • 3.  RE: Block DVD/CD Burning
    Best Answer

    Posted Jul 22, 2009 04:17 AM
    You may test these steps..

    Open the SEPM and click the Policies tab.
    Click Application and Device Control under View Policies. In the right pane, edit the Application and Device Control policy and click Application Control.
    Edit the "Make all removable drives read-only" Rule Set.
    Under the Rule frame, click "Block writing to all files and folders".
    Confirm that the command line "* (enable drive types)" exists in the option "Apply to the following files and folders".
    If it exists, select this line and click Edit.
    The next screen will show some information about the file and folder definition. Check the "CD/DVD drive" option and uncheck the "Removable drive" option.
    Click OK to confirm the changes in this rule set.
    Check the checkbox for this rule and click OK to confirm.

    PS: Don't forget that for this rule to work we need to create a client package with Network Threat Protection and Application and Device control.

    Hope this helps..


  • 4.  RE: Block DVD/CD Burning

    Posted Jul 22, 2009 09:16 AM
    Use md5 to get the file fingerprint of the burning software and register it on the application and device control then configure it to block this kind of application.


  • 5.  RE: Block DVD/CD Burning

    Posted Jul 22, 2009 10:38 AM
    That seems like a bandaid approach to the problem.  You don't require programs like Nero to burn data to CDs in XP so only blocking Nero by MD5 or any other method, wouldn't get to the root of the problem. 

    The drives themselves need to be set to read-only through SEP in the first place.  We've done this same thing with another product.


  • 6.  RE: Block DVD/CD Burning

    Posted Jul 22, 2009 03:41 PM
    It worked. I tried Happytohelp's way and went into the rule to check the "CD/DVD Drive" option and uncheck the "Removable Drive" option. Now I cannot copy data or write data to the CD/DVD drive in Windows. That is the right I need now. As for Nero and Roxio, I can remove this software from client PCs. If clients are not allowed to burn data, why do they need the burning software?
    Thanks, everybody, for the help.


  • 7.  RE: Block DVD/CD Burning

    Posted Jul 22, 2009 05:33 PM
    Block the application that uses CDs..
    Get the MD5 to be part of the included list....
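
The MD5 fingerprint step suggested in posts 4 and 7 can be prepared as an inventory of every executable in the burning software's install folders. This is an added example, not part of the original posts; the function name `Get-BurnerFingerprint` is hypothetical and the two folder paths are constructed placeholders for wherever Nero or Roxio is installed.

```powershell
# Added example: MD5 fingerprint inventory of burning-software executables.
# Get-BurnerFingerprint is a hypothetical name; the folders in the usage line are
# constructed placeholders, not paths taken from the thread.
function Get-BurnerFingerprint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Folder
    )

    # Missing folders are skipped quietly so the same call can run on every client.
    $files = Get-ChildItem -LiteralPath $Folder -Filter *.exe -File -Recurse `
                           -ErrorAction SilentlyContinue

    foreach ($f in $files) {
        $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm MD5
        [pscustomobject]@{
            MD5     = $hash.Hash.ToLower()
            File    = $f.Name
            Version = $f.VersionInfo.FileVersion
            Path    = $f.FullName
        }
    }
}

$found = Get-BurnerFingerprint -Folder 'C:\Program Files\Nero', 'C:\Program Files\Roxio'

# One row per distinct binary. A fingerprint matches only that exact file, so each
# product update or additional helper executable needs its own entry.
$found | Sort-Object MD5 -Unique | Format-Table MD5, File, Version -AutoSize
```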


  • 8.  RE: Block DVD/CD Burning

    Posted Jul 22, 2009 08:52 PM
    Please give me more information about MD5, or a link. Where can I get this, and how can I input it into the Application Control policy? Does it work for all burning software? I tried googling it. It did find a lot about MD5. It is not for Endpoint Application Control policy.

    Thanks.


  • 9.  RE: Block DVD/CD Burning

    Posted Jul 22, 2009 10:28 PM
    This is a great thread going on that goes through the entire procedure of obtaining and applying md5. It also has quite an extensive list of md5 that users have already posted. Hope it helps

    https://www-secure.symantec.com/connect/forums/how-block-applications-sep-using-md5

    Grant-