cancel
Showing results for 
Search instead for 
Did you mean: 
dantu
Level 7

Allowing execution of a .exe on mass storage device

Hi there

I am testing DLP managed from ePO for Company-wide rollout, but am unable to get our corporate memory sticks working. They have an exe file that unlocks the encrypted portion, but DLP is blocking execution of this file and the stick is blocked at this point.

Our corporate encrypted USB sticks are in the whitelisted plug and play device definitions. I have also added the .exe name in the Application Definitions with Trusted Strategy and it's also a Whitelisted Application.

Thanks


Dan

0 Kudos
3 Replies
cnorris
Level 10

Re: Allowing execution of a .exe on mass storage device

It depends on the make/model of the stick. From previous experience some encrypted USB sticks appear as a CDROM then you use the software on the virtual CD to load the encryted partition which appears as a disk drive.

So my first thought is that the CDROM part is blocked or made Read-Only?

Chris Norris

Global Support Engineering Operations

0 Kudos
dantu
Level 7

Re: Allowing execution of a .exe on mass storage device

That's right re read only partition in CDFS and running the exe should enable the encrypted partition. DLP is blocking the device after the exe is run.

I have logged a SR (4-4352049397) with McAfee, but we're having problems with DLP event not getting to ePO so they'll help with that too. Output from the MER Tool has been uploaded.


Dan

0 Kudos
vimalnavis
Level 13

Re: Allowing execution of a .exe on mass storage device

If you are using Removable Storage Device Definition, the Whitelisted Plug and Play device definition wouldn't make any difference.

To me it seems like the way you have defined the rules, the virtual CD/DVD portion of the drive is being made read-only. You would want to modify the rule to exclude those drives.

0 Kudos