Endpoint Protection

Hi,

We want to block print screen as we have few users who use to breach security via taking snpshot of data.

Any way on how to block Print screen via application control.

Regards,
SAM

@Prachand thank you for the information

 

Users can use for paste pictures Word or excel too.
I thing so printscreen is not a exe. it is a command like ctrl + alt+delete.
Maybe can control with GPO
Thanks
Fatih

I am also not getting PrintScreen.exe file in my pc. As Fatih Teke’s post if it is a command like ctrl + alt+delete you  have to look for some other way to block it.You can block the applications like mspaint which users will use for copying the image. If they are copying the data through usb you can block the usb drives if you want you can allow some specific usb drives.You can make the removable drives read-only also.. 

 

I have  deleted my last post as the information  was incorrect. The correct information is

PRINT SCREEN  CANNOT BE BLOCKED BY APPLICATION AND DEVICE CONTROL ( SEP).

it is posible but need 3third party program.
My friend is delphi coder. And he create one program it will start full screen and can disable ctlr+alt+delete Or Windows+L or Windows +R etc.
Its mean we can blocked printscreen button too.
I will search the registry key for it.
Thanks.
Fatih

the parameters are: IDHOT_SNAPDESKTOP - taking a full screen picture
IDHOT_SNAPWINDOW - take the active sceen picture.
in either way,
in order to bypass the PrintScrn function button you need to "re-register" the hotkey in windows, which means you need to meddle with the windows API.
you could block the printsceen option by running a script on each computer.
the script has to change the definitoin of the button Printscreen.
you can find more information about this here:

 - MSDN Library Online : RegisterHotKey Function 
        ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/WinUI/WindowsUserInterface/UserInput/KeyboardInput/KeyboardInputReference/KeyboardInputFunctions/RegisterHotKey.asp)

 - MSDN Library Online : WM_HOTKEY Notification 
        ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/WinUI/WindowsUserInterface/UserInput/KeyboardInput/KeyboardInputReference/KeyboardInputMessages/WM_HOTKEY.asp)

I forgot to mention, you wont be able to preform this task with SEP. if you want you could deploy the script and run it with Symantec Altiris.

enjoy,
naor.

Remap the PrintScrn button on the keyboard............
However, that won't block FREE apps that will allow a user to do screen captures and there are a ton of them.
You'll have to use SEP to block unapproved apps, otherwise a user can download and run (from their own profile area) an app that will capture all or parts of screens, and either put them in the clipboard or save them as image files.
In other words, this ain't going to be a simple nor a one-step process as Windows isn't the only thing that can capture screen content.
Web apps can also do the same..............

Hello again.
Can you try these steps in GPO?these guys said can do it with regitry key. I thing so you can take good result.
http://www.computing.net/answers/windows-xp/enabledisable-print-screen-functio/171543.html
Thanks
Fatih.

If someone wants to steal the data that bad, they could just use their nice high res camera phone and send it off.
How do you keep that from happening?

Cycletech has a good point..
that is why technology + hard policy must be in place...
No USB flash drives...
No Video or Cameras...
No Mobile phones...
Hard line policies but needed for effective security against internal breach...

does the Vontu takes care for this request?
 

 

Vontu has a limited way of helping you.
vontu does not "kill" the Print screen function. it relay on SEP to do that by modifing the registry.
if the application control policy does not deny access to  snapshot programs like snagit and such vontu can help you.

the concept of vontu in general is to help educate the company employees. there is something we must understand. if someone wants to take your data and he has access to the files, nothing will stop him.
as Cycletech said he could take a picture with a cameraphone.

 

As others have told its not possible to block other application from taking the snapshot...
But remapping the scan code(Using registry) and creating a policy in the SEP to modify the changes to that registry key will block use of print screen.

First change the registry key...
REF:
http://www.pcreview.co.uk/forums/thread-1532351.php 

Then create a application and device control policy to block modification to that registry key(you can set the action to take in action tab)......



Hope this will help you...

When we put DRM in place here we also had to sit down and figure out ways that people could get around it.   You need a good policy in place and realise that your not going to prevent some one who really wants to get the data out.  Camera phones are too common these days just try to find a cell with out one these days its not easy.  Also if you really want to get the date the spy shops offer up so many things that hide a camera and you would never know the user had it unless you knew what it was.  

The 3rd party apps like snagit also are a way around things like that and there are just too many to catch them all.    Now all that said I have seen some increadible solutions to help even more.  I'm not sure if symantec has one off the top my head but the one that most impressed me was from websense and it took what they do for webfiltering to the next level and watch emails for specific data patterns of things and could prevent things like social security numbers from going out.  

Dear Sir,

Please help me, in this Should I Change the Registry key or Just i need to create a Policy (Application)  as Mr. SHP, i try it but it dosn't work


Thanks and Best Regards,
Samir

Hi Samir,

Please find the attached files to block as well as to allow the Print screen on the Windows XP machines.
 
1) Print Screen Block.reg file will block the print screen on the user machines.[Need a reboot].

2) Print Screen Allow.reg file will allow the print screen on the user machines. [Need a reboot].

3) Print Screen Block_RegistryEdit.dat is Symantec Endpoint Protection Application & Device Control policy which will not allow the user to make any modification to Print screen values in the registry key.

 Incase if we want to allow the Print screen on user machine, we have to first move the user to different Client group in SEPM where the registry editing is allowed for print screen values in registries and then we need to execute Print Screen Allow.reg file.

Note: I am not able to attach Print Screen Block_RegistryEdit.dat file. Please provide me with your email address. I will send the same 2 u.

Check and let me know how it goes.....

Regards,
SAM

can you send it to me
Original Message:
Sent: 05-20-2010 07:11 AM
From: Migration User
Subject: How to block print screen with Application device contrl.

Hi Samir,

Please find the attached files to block as well as to allow the Print screen on the Windows XP machines.
 
1) Print Screen Block.reg file will block the print screen on the user machines.[Need a reboot].

2) Print Screen Allow.reg file will allow the print screen on the user machines. [Need a reboot].

3) Print Screen Block_RegistryEdit.dat is Symantec Endpoint Protection Application & Device Control policy which will not allow the user to make any modification to Print screen values in the registry key.

 Incase if we want to allow the Print screen on user machine, we have to first move the user to different Client group in SEPM where the registry editing is allowed for print screen values in registries and then we need to execute Print Screen Allow.reg file.

Note: I am not able to attach Print Screen Block_RegistryEdit.dat file. Please provide me with your email address. I will send the same 2 u.

Check and let me know how it goes.....

Regards,
SAM