USB Blocking Policy
Updated: 06 Nov 2011 | 11 comments
This issue has been solved. See solution.
Hi,
Is the USB blocking policy working on an application basis or on a registry basis?
In other words, if we change the USBSTOR registry setting, will USB be enabled or not?
Regards
Sumit
Comments
As per my knowledge it is Application based.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Changing the registry setting will not change the USB blocking status.
Hi
I also think the same, but in our discussion with one of the technicians, he told me that the policy/registry will be changed till heartbeat time. He was a little bit confused at that time, so I want to clarify.
Regards
Sumit
Regards
Sumit G.
I apologise for maybe not understanding the question, but here are some things I do for USB:
I use application and device control, DEVICE control, to block all via a device definition:
*USBSTOR\Disk*
And add that under blocked devices. I then create exceptions if needed, for devices we wish to allow.
Symantec has already defined things like HID - Human Interface Devices, but my definition above is only for STORAGE devices, like "thumbdrives" or USB sticks, or storage in phones, etc. This way no one can plug a USB stick into their computer and copy files to or from it.
You could use registry control in the APPLICATION control part of SEP's Application and Device control for similar, like they did in a rule set for blocking new Browser Helper Objects:
Create a ruleset and add registry access attempts. You can block or allow reads, block or allow writes, and so on. Here is what they used - they blocked writes to this key ->
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*\*
You can also use SNAC if you are so licensed.
OR, you can manually, in regedit, or in a GPO, make a key or area read-only. Group Policies are a good way to manage the registry, and you can create custom policies and let your domain manage it for you.
My sites - http://theamcpages.com & http://antique-engines.com
Hi
I know it's a good way to manage the "USB block policy" through Group Policy, but when we change the registry setting of USBSTOR, the pen drive will be accessible.
I want to confirm whether the same problem is in SEPM or not.
If the SEP USB policy is working through the USBSTOR registry, then any engineer can access the pen drive there!
Regards
Sumit G.
Well, you can use Group Policy to block USB or to make USB read only.
Make sure you make
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\*
read-only using SEP Application Control.
If you block using application control, the only way to allow USB would be to stop smc; even domain admins cannot use USB if blocked by SEP.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
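A read-only audit of the two registry locations named in this thread, as an added example that is not part of any poster's reply: it reports the current value and any unexpected account with write access to each key, which is what decides whether a registry-based block can be undone locally. The value names Start and WriteProtect are the standard Windows ones and are not given in the thread; the $expected baseline is an assumption.

```powershell
# Added example (not from the thread). Read-only: changes nothing on the endpoint.
# Start = 4 disables the USBSTOR driver; WriteProtect = 1 makes USB storage read-only.
$targets = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'; Value = 'Start'; Blocking = 4 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'; Value = 'WriteProtect'; Blocking = 1 }
)

# Registry rights that let a principal alter the setting or the key's ACL.
$writeRights = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Principals expected to hold write access (assumption; adjust to your baseline).
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) {
        # StorageDevicePolicies does not exist until someone creates it.
        [pscustomobject]@{ Key = $t.Path; Value = $t.Value; Data = $null
                           Enforced = $false; UnexpectedWriters = 'key not present' }
        continue
    }

    # Current data of the controlling value ($null if the value is missing).
    $data = (Get-ItemProperty -LiteralPath $t.Path -Name $t.Value -ErrorAction SilentlyContinue).($t.Value)

    # Allow ACEs granting write-type rights to anyone outside the baseline.
    $writers = (Get-Acl -LiteralPath $t.Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.RegistryRights -band $writeRights) -ne 0) -and
            ($expected -notcontains $_.IdentityReference.Value)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        Key               = $t.Path
        Value             = $t.Value
        Data              = $data
        Enforced          = ($data -eq $t.Blocking)
        UnexpectedWriters = ($writers -join ', ')
    }
}
```

An empty UnexpectedWriters column still leaves local administrators able to change the value, which is the gap the replies above contrast with blocking through SEP.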
Hi
I am also satisfied with your words, but one of the technicians told me that the application is controlled by the USB registry.
If we change the value of USBSTOR, the pen drive can be accessed till the next heartbeat.
So I have raised this forum for proper confirmation.
Regards
Sumit G.
Which registry ?
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hi
UsbStor Registry
Regards
Sumit G.
SEP works on the OS level, not on the registry level.
If you apply USB block policy via AD GPO then if users change it via registry
If it's done via SEP, you cannot change it via the registry.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Thanks a lot for the confirmation.
Regards
Sumit G.