Endpoint Protection

 View Only
Expand all | Collapse all

SEP 12.1.5, USB contents Block and allow App

  • 1.  SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 07:57 AM

    Hi

    I have a scenario which i want to see if possible or not, i want to block whatever in USB Device but allow certain applications.

    Thanks 



  • 2.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 07:58 AM

    There is a default ADC policy called "Block programs from running from removable drives"

    You can edit this one and allow only the programs you want to run under "Do not apply this rule to the following processes"

    Similar to this:

    Capture_66.JPG



  • 3.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:00 AM

    rather than blocking the USB, You need to set the option to  block application from running from removable media, under allow set your programs,



  • 4.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:09 AM

    Ripped one cached URL for you, 

    http://webcache.googleusercontent.com/search?q=cache:_AvL0anaNFAJ:www.symantec.com/business/support/index%3Fpage%3Dcontent%26id%3DTECH92172+&cd=1&hl=en&ct=clnk&gl=in



  • 5.  RE: SEP 12.1.5, USB contents Block and allow App

    Broadcom Employee
    Posted Jan 20, 2015 08:16 AM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    Application control blocks or allows the defined applications that try to access system resources on a client computer. Application control is implemented using application control rule sets. An application control rule set contains one or more rules that you create. Each rule contains one or more conditions. Use application control rule sets to define the application control part of your Application and Device Control Policy

     

     



  • 6.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:33 AM

    Thats almost what i need but one more point, how about if i want to use an USB and copy whatever inside my machine or some where else, would i be able to do so.

     

    For example, i have word files in USB, so i want to open the USB and copy the file but not run it, would that be possible or the policy will block all apps and allow only whatever i mention.

     

    Thanks



  • 7.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:37 AM

    You can still copy but if you block the file by name or even just the extension (.docx), it will be blocked from running. SEP can do this but if you need tighter controls, you need to look to DLP type software.



  • 8.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:37 AM

    It will block it from running, within the USB only

    what you are asking is availabe in DLP sofware



  • 9.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:44 AM

    That means if the user copy the file to his machine and run the file from the there it will not be blocked????

    Then if the answer is yes, how my senario can be done with in SEP that without giving the user option to copy i can block all apps and allow few apps?????



  • 10.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:47 AM

    It will be blocked, the user can only copy. Assuming you setup the correct filenames or extensions.... Did you see my screenshot on how to setup?



  • 11.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:47 AM

    yes, it will not be ,because you have mentioned it to Block running from Removal media.

    for your scenario you need to have Data loss prevention installed.



  • 12.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:50 AM

    Otherwise i block the USB totally so no apps to run from USB neither any file to copy, am i right???? 



  • 13.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 08:51 AM

    There is also a default rule to "Block writing to USB drives" So include that as well

    Capture_67.JPG



  • 14.  RE: SEP 12.1.5, USB contents Block and allow App

    Posted Jan 20, 2015 09:21 AM

    Yes, USB are the main source for viruses, I believe only few people in your Org need that access, you can create a new group and add them as exception. 



  • 15.  RE: SEP 12.1.5, USB contents Block and allow App

    Broadcom Employee
    Posted Jan 20, 2015 09:41 AM

    You need to setup rules, properties & actions correctly, I would request you to note down your specific requiements and verify whether it's possible or not.