Better Scanning options for USB (Pen Drives)
Hi,
First, I would like to Thank SYMANTEC for the beautiful product Symantec Endpoint Protection with multiple features!!!
Which has made the IT industry to manage resources in systematic way, based on 32 bit and 64 bit.
I feel a small upgradation in Application and Device Control will enhance its features and meet the customer expectation.
As we are aware that these days USB Pen drives are becoming more popular than expected. Each and every person having the system knowledge, use Pen drives for their day to day activites. This has made life simpler and also becoming a major threat as they have became one of the most power full medium for spreading the virus.
SEP is doing good in protecting the systems by
Donot run the executable.
Donot run Autorun.inf.
Make removable drives as Readonly. etc,,,
But if we observe, Any company who has procured SEP most of them would have not applied the above policy untill and unless there is a need Or even in some cases they even don't know about theses policies.
When ever a pen drive is connected it will start spreading the virus if it is infected. Because RTV scanning will not happen.
Most of them, even if they apply the policy it would not support fully. Unless they scan their pen drives.
My Opinion
1. Best option to SCAN the pen drives as soon as it gets connected to the system.
2. To have the Password Protection for USB drives. ( So that only Administrator have the writes to decide).
Comments
If Windows is configured to enumerate drives when connected...
If Windows is configured to enumerate drives when connected then Autoprotect will scan USB drives when they are plugged in.
Also, the most common reason to block autoruns is to limit the spread of threats that we do not have definitions for, as any file that tries to run from a USB drive is scanned by RTVScan and if we have definitions for the threat then it will be detected.
idea is good but if you
idea is good but if you connect the pendrive (8GB,16GB) and sep start the scan then what will happen?
So better use current available polices
regards,
Ajeet
Hi Jeremy / Ajeet, Thanks for
Hi Jeremy / Ajeet,
Thanks for the feed back, In most of the orginisation you cannot ensure that all the systems i.e., 100% virus definition updates are possible.
So even a old virus cannot be deleted if it is not updated.
thou you have disabled the autorun.inf file this will stop spreading, but moment the user tries to copy the files from the pen drive it will automatically gets copied to the system and starts spreading.
If the pen drive is of 8/16 gb then better to have Password protection so that the user does not open it untill the administrator approves it.
Now also is is possible to
Now also is is possible to allow certain usb drives and
block all other throuh application and device control policy .Ref: http://service1.symantec.com/support/ent-security....
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Its better.
I think its better if Symantec can have the list of device ID and it will be automatically be downloaded inluded in the daily updates. It is very hard to collect unique device IDs. I think Symantec has capabilities of this if granted.
Jomar Gonzales
SAV for Mac
As soon as any removable media is inserted into Mac, SAV for Mac runs an autoscan for the disk (USB, CD, or DVD,).
It is worth giving a thought to consider similar behavior for windows computers.
Sincerely,
Would you like to reply?
Login or Register to post your comment.