Can we create a policy in DLP where we can block executables running from USB but allow executables to be copied to System from USB & from System to USB.
I am able to block executables but not able it to copy to system or form system to USB.
Can anyone know whether we can create this kind of policy or not.It will help me.
I cannot think of any way to do that. They either are accessible or not - there's no fine distinction between a file copy and an execution only that the file is accessed.
i also would like to figure out how to do this. i have been able to block exe's launched via USB, but it's important to still allow the user to copy and run it locally so that our security tools can view it.