Endpoint Protection


Wanting to block applications from running from removable drives but allow my USB thumb drive.

  • 1.  Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 11:30 AM
    Hello All,

    I have tried many different solutions. I tried just the application and the device control with no success.

    When I check the block programs from running from removable drives in application control I put in the device ID in don't apply to device ID. Everything is still blocked.
    I then took out the device ID exception in application control and added one to the device control but that didn't work either.
    I have followed the article from Symantec to a T but still no success. Can someone please help?


  • 2.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 11:30 AM
    I forgot to mention that I do not have inheritance turned on.


  • 3.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 11:35 AM
    Did you follow this document?

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/b54beb2f46268ccc882574e80052960f?OpenDocument 


  • 4.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 11:43 AM
    I did, but am I supposed to use "Make all removable devices read-only" instead of "Block programs from running on removable drives"?


  • 5.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 11:54 AM
    You need to add the device ID of the new device under the policy components.
    Once that is done you will find it under the excluded list.
    Are you trying to block msiexec.exe or the installer?

    msiexec.exe is still able to Create and Write .exe files when an Application Control Policy is in place to block all Create, Write and Delete attempts to all .exe Files

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/bdc1ca1f484550176525752e006e8dc8?OpenDocument




  • 6.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 12:08 PM
    I will give that a try. I want to be able to block exe, com, pif and scr or any other executables except my usb key.


  • 7.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 12:29 PM
    So what you are saying is if I just want to block exe's on a usb thumb drive that I should make the USB drives to block *.exe but in device control to allow my device ID. Is this correct?


  • 8.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 12:43 PM
    Yes, because here you are only using exe (Application) control and not device ID (Device) control.


  • 9.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 01:08 PM
    I have the policy partially working. It doesn't allow any usb to run exe's. I have included screen shots of my settings.


  • 10.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 01:11 PM
    So where you have added the exe, click Add and add com, pif and scr.


  • 11.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 01:23 PM
    Those 4 exceptions work, but now how do I tell it to only allow my key? I have added it to the hardware devices using the device ID. Where do I add it to allow me to run those files? Application control or device control?


  • 12.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 01:48 PM
    OK, in this case you need to use both application and device control.
    For App control you have already added exe; if you want you can add others.
    Now for Device control:
    For device to block, select USB device.
    For device to allow, select Human Interface Devices and select your Device ID.

    So it will block all USB and allow only your key.
    Then, as per App control, in your key it will block exe and scr, etc.



  • 13.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 01:54 PM
    You may have misread what I want to do. I want all USB drives to be enabled but not able to run exe, com, pif, scr... but allow my usb drive to run them.


  • 14.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 02:04 PM
    I am getting it now..

    nothing to be done in device control.

    In application control..
    block exe from removable drive..

    below that you'll find "do not apply to following processes"
    select "only match processes running on follow device ID"
    and enter your device ID.

    now check if that works how you wanted to...


  • 15.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 02:08 PM
    Process name to match do I put in an *? or do I put in exe...


  • 16.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 02:11 PM
    well I would say start with a *
    then if you still find it blocking exe then try adding exe etc. 


  • 17.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 02:15 PM
    I have done what you have said and put in the exe, com, pif, scr but is still blocking my device. I have included a screen shot of devviewer and what my device id is. I thought every usb hard drive/thumb drive is supposed to have usbstor?
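
    On the USBSTOR question above, the instance ID Windows actually assigned to the drive can be read directly and compared with the one entered in the policy. This is an added example, not part of any post in this thread; it assumes Windows 8 / Server 2012 or later (for `Get-PnpDevice`), and the function name `Get-DiskDriveId` is hypothetical.

    ```powershell
    # Added example: list attached disk drives with their PnP instance IDs,
    # so the ID entered in a device-ID exception can be checked against the real one.
    # Get-DiskDriveId is a hypothetical helper name, not a built-in cmdlet.

    function Get-DiskDriveId {
        Get-PnpDevice -Class DiskDrive -PresentOnly | ForEach-Object {
            # An instance ID has the form <enumerator>\<device description>\<instance>
            $parts = $_.InstanceId -split '\\', 3
            [pscustomobject]@{
                FriendlyName = $_.FriendlyName
                Enumerator   = $parts[0]                 # e.g. USBSTOR for USB mass storage
                IsUsbStorage = $parts[0] -eq 'USBSTOR'
                DeviceModel  = $parts[1]                 # vendor / product / revision part
                Instance     = $parts[2]                 # per-unit part (often the serial number)
                InstanceId   = $_.InstanceId             # full ID as shown in Device Manager
            }
        }
    }

    $disks = @(Get-DiskDriveId)

    # Show every disk, USB storage first, with the full ID to copy from.
    $disks | Sort-Object IsUsbStorage -Descending |
        Format-List FriendlyName, Enumerator, IsUsbStorage, InstanceId

    # Call out the case where the plugged-in drive did not enumerate as USBSTOR.
    $usb = @($disks | Where-Object IsUsbStorage)
    if ($usb.Count -eq 0) {
        Write-Warning 'No disk drive with a USBSTOR instance ID is present; check the Enumerator column for the ID your drive really uses.'
    }
    ```

    Run it once with the drive unplugged and once with it plugged in; the entry that appears in the second run is the device whose ID belongs in the exception.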


  • 18.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 02:25 PM
    Make sure you have removed the Device Control policy and there is nothing there..

    Just put a star (*) instead of exe, scr, etc.

    Unplug your USB device. Apply the policy.
    Reboot your machine.
    Open Device Manager and keep it open while you plug in your USB. Check the pop-up or message you see in Device Manager. If your device shows disabled, right-click and try to enable it.




  • 19.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 02:51 PM
    Still saying handle is invalid. This is getting very frustrating. I had it working last week but now it will not.


  • 20.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 03:06 PM
    OK, so now it's not blocking your device but it is blocking the exe.
    Have you put * in the policy for the exception? If yes, then did you try changing it to *.exe?


  • 21.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 03:22 PM
    I have tried both ways but still blocking me from running exe from my key.

    Any other suggestions?


  • 22.  RE: Wanting to block applications from running from removable drives but allow my USB thumb drive.

    Posted Mar 01, 2010 03:35 PM
    Tried the reverse?

    How to prevent programs from running by blocking the file extension types from removable drives.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/afefa878c528d1ed882575520076cd16?OpenDocument