cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
erpede
Level 9
Report Inappropriate Content
Message 1 of 9

How do you prevent users from booting into xp safe mode...

...if you are not using 'Endpoint Encryption for PC'?

If you are not preventing users from booting into safe mode, how do you prevent them from logging on in safe mode?

If you are not preventing users from logging on in safe mode, how do you protect your usb devices?

Any ideas are welcome.

8 Replies
georgec
Level 13
Report Inappropriate Content
Message 2 of 9

Re: How do you prevent users from booting into xp safe mode...

erpede
Level 9
Report Inappropriate Content
Message 3 of 9

Re: How do you prevent users from booting into xp safe mode...

Yeah. I know that solutions.

But, well, hacking the ntldr (BlueScreen-by-design) or buying additional third party software (NoSafeMode) are no options for an enterprise company. - If a device has been blocked, it should remain blocked. In any case. Until the administrator unblocks it.

There is less to none host protection if a host boots up in 'windows safe mode' via F8. Users can access USB devices regardless whether access has been granted or not as well as there is no virus protection if they use usb devices at that time.

We now consider changing away from McAfee. Many roads leads to Rome.

Thank you anyway.

Nachricht geändert durch erpede on 26.10.11 15:59:42 MESZ
georgec
Level 13
Report Inappropriate Content
Message 4 of 9

Re: How do you prevent users from booting into xp safe mode...

Let us know if you find a product that offers this feature. I once had to block SafeMode and used this dirty method.

George

pierce
Level 13
Report Inappropriate Content
Message 5 of 9

Re: How do you prevent users from booting into xp safe mode...

Why dont you just edit the DLP agent settings so it starts in safe mode?

By default its disabled but can be enabled in the agent settings.

erpede
Level 9
Report Inappropriate Content
Message 6 of 9

Re: How do you prevent users from booting into xp safe mode...

Of course I did. But it ain't that easy. All this setting does is preventing users from stopping a service that does nearly nothing but inform the administrator after(!) the incident when the system is back up in regular mode. Neither usb device rules will be applied nor anti  virus services will be started in case of a safe mode boot. (See: https://community.mcafee.com/thread/31899?tstart=30 too.)

After I had a nice talk with McAfee stuff, I think this behaviour is 'by design'. At least I did a product enhancement request.

@George: We consider buying Lumension Device Control or Cynapspro or something like that.

Nachricht geändert durch erpede on 31.10.11 13:31:59 MEZ
rc-uk
Level 7
Report Inappropriate Content
Message 7 of 9

Re: How do you prevent users from booting into xp safe mode...

Hi,

I have had similar discussions with McAfee re Safe Mode and DLP - the information I have is that the Safe Mode enhancement is expected post version 9.2. No indication of when this might be though.

Also, my recent experience of Lumension shows me that their product also does not protect in Safe Mode 😉

Russ

erpede
Level 9
Report Inappropriate Content
Message 8 of 9

Re: How do you prevent users from booting into xp safe mode...

Russ,

this is not correct. Lumension (like many other products) does protect in safe mode. The lumension feature is called 'client hardening' and, as far as I know, it has to be enabled. We tried this in many tests (even with version 4.0.3) - it works. In the new versions you can configure RBAC too, so just named USB administrators are able to handle those services. All settings are copied to the machines so it doesn't make any difference whether you do a 'real' boot or not. O.K., F8 itself won't prevented - its just not the point - but the use of devices.

Quotation: "Sanctuary's Client Hardening feature will protect Sanctuary's clients for a possible tamper even if the user is an administrator." And: "Safe mode boot causes no threat to Sanctuary drivers, which continue to run even when you boot in this mode."

Hint: If a dlp software does have kernel mode drivers you will be on the right way. (Check out and compare i.e. Lumension, Cynapspro, DeviceLock, DriveLock)

Nachricht geändert durch erpede on 10.11.11 13:25:38 MEZ

on 10.11.11 13:26:38 MEZ

on 10.11.11 13:27:07 MEZ
rc-uk
Level 7
Report Inappropriate Content
Message 9 of 9

Re: How do you prevent users from booting into xp safe mode...

Thanks,

Might be an issue in the version we have tested (on the new LEMSS server) which has several 'features' not present in earlier versions - i.e. 4.0.4.

Lumension assure us they are working on them and they will be corrected in futures fixes or service packs.

Russ

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community