I have the device control v9 integrated in the ePO 4.5. I would like to known if is it possible to block .exe from being executed from a USB storage device?
Carlos RibeiroMessage was edited by: cribeiro on 6/7/10 1:02:49 PM CDT
I think it's already there by default in DLP 9.0. If you have a DLP agent installed - unless untill you whitelist that exe file for USB, you shouldn't be able to run that exe file. Check the DLP product guide for more info.
Use Removable Storage File Access Rule (under Device Rules section) to address this use case.
This rule is available with HDLP v9.
If I understand the Removable Storage File Access Rule is to block the move of information from your PC to the USB, not from the USB to the PC.
I will try to be more clear:
Imagine that a guy came to his company PC and he wants to use for example the Firefox portable or another *.exe. How can I stop this kind of files from being executed?
Removable Storage Protection Rule (Protection Rule) is used to protect data moving from PC to USB.
Removable Storage Device Rule (Device Rule) is used to protect devices,
Removable Storage File Access Rule (Device Rule) is used to block applications from being run out of USB devices.
My original reply is accurate. From the Product Guide:
File access rules block removable storage media from running applications.Message was edited by: vimalnavis on 6/21/10 6:23:38 PM CDT
Thanks for your answer but I still have a doubt. If we create one Removable Storage File Access Rule can we grant that only application (.exe, .msi) are blocked?
The Removable Storage File Access Rule blocks all executable applications (.exe, .msi, .bat, .cgi, .cmd, .zip, .rzr and etc.), apart from any specific applications you can define as whitelist applications (eg. a.exe), so you can't block only .exe, .msi
can you specify an individual file type to block (ie mp3)?
If not, where can i find out what is blocked by default?
Also, with the removable storage file access rule it doesnt log anything to DLP monitor when a file has been blocked (which has been attempted to "open" on a USB device)? is this by design?
Thanks.Message was edited by: mcafeee on 01/07/10 06:06:15 CDT