Endpoint Protection

 View Only

  • 1.  Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Mar 31, 2010 07:17 AM
    Hi

    I have just rolled out Symantec Endpoint Protection 11 to my firm.  One problem we now have is that our encrypted USB sticks are now longer able to run.  When you insert the stick an exe on the drive should run and you then enter a password to access the contents.  Due to the security on USB sticks this is no longer possible.

    My question is, am I able to exclude the SafeStick.exe file from being blocked for all sticks?  We have over 30.

    Thanks

    James


  • 2.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Mar 31, 2010 07:24 AM
    follow this doc to allow safestick

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/b54beb2f46268ccc882574e80052960f?OpenDocument

    PRINT THIS PAGE PRINT THIS PAGE

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.



  • 3.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Mar 31, 2010 07:33 AM
    UPDATE

    I have added SafeStick.exe to the exclusion list which has worked.  I would however like to add the file fingerprint just in case a trojan or similar ever has this name.  How do I use the checksum tool?  

    I tried checksum.exe c:\SafeStick.exe results.txt and I just get 

    Checksummer (c) Sygate 2004
    Checksummed 0 files

    Any ideas?

    Thanks

    James


  • 4.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Mar 31, 2010 07:36 AM
    followed the same steps

    Generating the file fingerprint list:

      • Open a command prompt window.
      • Navigate to the directory that contains the file checksum.exe. By default, this file is located in the following location: C:\Program Files\Symantec\Symantec Endpoint Protection
      • Type the following command: checksum.exe outputfile drive
          • where outputfile is the name of the text file that contains the checksums for all the executables that are located on the specified drive. The output file is a text file (outputfile.txt).


  • 5.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Mar 31, 2010 07:45 AM
    You can find some websites also which will help you to find the fingerprint of a file..


  • 6.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Apr 30, 2010 07:11 AM
    This is all working now but I have had to stop using parts of the policy as I can't add EVERY exe file to a separate line in the policy.  I have submitted a change request to get Symantec to allow referencing of the file fingerprint lists instead.  Let's hope...


  • 7.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Jul 07, 2010 09:31 AM
    Hi,

    We would like to roll out an USB stick encryption software on all of our USB memory sticks. We have various types of the USB memory sticks in use. We want to block all of the USB memory sticks which does not have the encryption software and which is not an authorised USB memory stick.

    Can we enter a device id for each of them in SEP (to unblock the usb memory stick) and unblock the encryption software (for example safestick.exe) via application control in SEP?

    On an existing memory stick (used for about a year or 2), where can we find a device id?

    Many thanks


  • 8.  RE: Excluding encrypted USB from device list in Symantec Endpoint Protection

    Posted Jul 07, 2010 11:41 AM
    I would personally use a Device ID with a wild card (*) to get this going, and have done so successfully with Iron Key devices already.

    I have a policy with all USB devices disabled, except for the Iron Key devices in use.  There are a number of articles available to help you get this going.