Endpoint Protection

 View Only

  • 1.  Disabling Firewire

    Posted Dec 27, 2012 03:42 PM

    I would like to disable the Firewire port on my computers using Application/Device Control.   I'm using the built in class ID for 1394 FireWire Devices.  Its not working for me.   (In a Application and Device Control policy, click on Device Control, under blocked devices, click on add and select 1394 firewire devices).

    this article http://www.symantec.com/business/support/index?page=content&id=HOWTO60964
    states that Firewire controllers are whitelisted, so I can't diable them.

    Why would symantec give me that option if they are going to silently not do it?
    As currently configured will this disable all devices that connect to the 1394/firewire port, or will it just do nothing?

    Is there any way I can get sep to disable firewire?



  • 2.  RE: Disabling Firewire

    Posted Dec 27, 2012 04:00 PM

    The article is confusing as USB is also one that is whitelisted. I think it needs to state a difference between blocking a USB device and blocking the port itself on the machine. So I guess I understand what they're saying, it's just not very clear.

    I've always used DevViewer to get the hardware device ID of the USB and blocked by that. If you plug in a device into a firewire port and run DevViewer and add that way, it should work. My take from the article is that this is the way it needs to be done, using DevViewer.



  • 3.  RE: Disabling Firewire

    Posted Dec 27, 2012 07:06 PM

    I agree with you about the article.  

    DevViewer and deviceIDs works by identifying specific devices you want to disable.   I want to disable the class and thereby all firewire devices because firewire can be used by attackers to have direct access to memory.   They could dump the memory and search it for Full Disk Encryption keys.    The attackers tools wouldn't likely show up with a deviceID that I 've already blocked.

     



  • 4.  RE: Disabling Firewire

    Posted Dec 27, 2012 07:11 PM

    USBs should also be whitelisted according to the article but I know that to be untrue as I can block them using the device ID or the built-in policy to block all USB devices.

    I think some clarity is needed, which only Symantec would be likely to provide. Perhaps a support call to them...?



  • 5.  RE: Disabling Firewire

    Trusted Advisor
    Posted Dec 28, 2012 08:32 AM

    Hello,

    The Article you are checking is pertaining to SEP 11.x and not SEP 12.1

    You can use device control to control devices in the following ways:

    • Block or allow different types of devices that attach to client computers, such as USB, infrared, and FireWire devices
    • Block or allow serial ports and parallel ports

    Check this Article which is for SEP 12.1 - 

    About application and device control

    http://www.symantec.com/docs/HOWTO80859

    How to Block or Allow Devices in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH175220

    Hope that helps!!



  • 6.  RE: Disabling Firewire

    Posted Jan 03, 2013 11:14 AM

    The article I linked says "symantec endpoint protection" under products.   It is not restricted to any version.

     

    The links you're providing aren't particularly helpful because they are generic.   Rather than showing me how to do something, or reporting that it can't be done, it introduces the feature for newbies.



  • 7.  RE: Disabling Firewire

    Posted Jan 03, 2013 12:12 PM

    I have to ask.  Because Firewire is very popular in Macs, are you trying this on a Mac or a PC?

    Which version of Windows if a PC?



  • 8.  RE: Disabling Firewire

    Posted Jan 15, 2013 11:42 PM

    sorry, I must have missed the email notice that there was an update.

    Windows 7 .    an even mix of 32 and 64 bit.