
Block DVD/CD Burning

Created: 21 Jul 2009 • Updated: 21 May 2010 | 8 comments
This issue has been solved. See solution.

I want to know what the status is on blocking CD/DVD burning in SEP V11 MR4 MP4. I searched in this forum. It seems it still cannot block CD/DVD burning with Application Control - Make all removable drives read-only. So what on earth can this block? USB drive or floppy drive? Can it block burner software like Nero burning software from burning data?

My office wants to block CD/DVD burners from burning data for all users. I tested the Application Control policy - Make all RD read only. It did not work. I can still burn a data CD with Nero. Any idea?

Thanks.


Grant_Hall

Try this:

Since CD/DVD writing uses an unconventional read/write operation, Symantec Endpoint Protection cannot block it directly.

To work around this problem, create both of the following policies:

1. Create an Application and Device Control policy that blocks the specific applications that write to CD or DVD drives.
2. Create a Host Integrity policy that sets the following Windows registry key to block write attempts to CD or DVD drives:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

DWORD NoCDBurning

Decimal Value: 1

This is from the guide here: http://service1.symantec.com/support/ent-security....

Also, from what I understand, blocking CD burning directly is an enhancement that is currently being investigated. You might want to suggest it in our ideas section too, just to make sure that Symantec knows there are plenty of people out there that want to be able to do this : )

Cheers
Grant-
*edit* I forgot to mention before that if the registry key located above doesn't exist, create it and then apply the policy to the newly created registry entry.

Please don't forget to mark your thread solved with whatever answer helped you : )

Saeed

You may test these steps:

1. Open the SEPM and click the Policies tab.
2. Click Application and Device Control under View Policies. In the right pane, edit the Application and Device Control policy and click Application Control.
3. Edit the "Make all removable drives read-only" Rule Set.
4. Under the Rule frame, click "Block writing to all files and folders".
5. Confirm that the line "* (enable drive types)" exists under the option "Apply to the following files and folders".
6. If it exists, select this line and click Edit.
7. The next screen will show some information about the file and folder definition. Check the "CD/DVD drive" option and uncheck the "Removable drive" option.
8. Click OK to confirm the changes in this rule set.
9. Check the checkbox for this rule and click OK to confirm.

PS: Don't forget that for this rule to work we need to create a client package with Network Threat Protection and Application and Device control.

Hope this helps..

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
 

SOLUTION
Peterpan

Use md5 to get the file fingerprint of the burning software and register it on the application and device control then configure it to block this kind of application.

:-)

Jmor

That seems like a band-aid approach to the problem. You don't require programs like Nero to burn data to CDs in XP, so only blocking Nero, by MD5 or any other method, wouldn't get to the root of the problem.

The drives themselves need to be set to read-only through SEP in the first place. We've done this same thing with another product.

573512236

It worked. I tried Happytohelp's way and went into the rule to check the "CD/DVD Drive" option and uncheck the "Removable Drive" option. Then I cannot copy data or write data to the CD/DVD drive in Windows. That is the right I need now. As for Nero and Roxio, I can remove this software from the client PCs. If clients are not allowed to burn data, why do they need the burning software?
Thanks, everybody, for the help.

Nel Ramos

Block the application that uses CDs.
Get the MD5 to be part of the included list.

Nel Ramos

573512236

Please give me more information about MD5, or any link. Where can I get this and how can I input it into the Application Control policy? Does it work for all burning software? I tried googling it. It did find a lot about MD5. It is not for the Endpoint Application Control policy.

Thanks.

Grant_Hall

This is a great thread going on that goes through the entire procedure of obtaining and applying md5. It also has quite an extensive list of md5 that users have already posted. Hope it helps

https://www-secure.symantec.com/connect/forums/how...

Grant-

Please don't forget to mark your thread solved with whatever answer helped you : )
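
Added example, not part of the thread or of Symantec's documentation: a PowerShell sketch that audits the two workarounds discussed above on a Windows client, checking the `NoCDBurning` value from Grant_Hall's post and computing the MD5 fingerprints that the fingerprint-based block relies on. The function names and the sample path are assumptions; the registry key and value are the ones quoted in the thread.

```powershell
# Added example; function names and the sample path are hypothetical.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$PolicyName = 'NoCDBurning'

function Get-CdBurningPolicy {
    # Reads the current state of NoCDBurning without changing anything.
    $value = $null
    if (Test-Path -Path $PolicyKey) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.$PolicyName }
    }
    [pscustomobject]@{
        Key       = $PolicyKey
        Name      = $PolicyName
        Value     = $value            # $null means the value is not set
        Compliant = ($value -eq 1)    # 1 is the setting given in the thread
    }
}

function Set-CdBurningPolicy {
    # Creates the key if it is missing, then writes NoCDBurning = 1 as a DWORD.
    # Needs an elevated session because the key is under HKEY_LOCAL_MACHINE.
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 1 -Force | Out-Null
    Get-CdBurningPolicy
}

function Get-BurnerFingerprint {
    # MD5 fingerprints of burning executables, one row per file that exists.
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (Test-Path -Path $p -PathType Leaf) {
            $h = Get-FileHash -Path $p -Algorithm MD5
            [pscustomobject]@{ File = $h.Path; MD5 = $h.Hash.ToLower() }
        } else {
            Write-Warning "Not found: $p"
        }
    }
}

# Report the registry setting on this machine.
Get-CdBurningPolicy
# Placeholder path; point it at the installed burning software.
# Get-BurnerFingerprint -Path 'C:\Path\To\BurningSoftware.exe'
```

A file's MD5 changes with every build of the executable, so a fingerprint rule needs one entry per installed version. The `NoCDBurning` value turns off the burning features built into Windows Explorer and does not stop third-party burning software, which is why the quoted guide pairs it with an application block.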