cancel
Showing results for 
Search instead for 
Did you mean: 

How to block .exe from being executed in a USB storage device?

Hi,

I have the device control v9 integrated in the ePO 4.5. I would like to known if is it possible to block .exe from being executed from a USB storage device?

Thanks

Carlos Ribeiro

Message was edited by: cribeiro on 6/7/10 1:02:49 PM CDT
7 Replies

Re: How to block .exe from being executed in a USB storage device?

I think it's already there by default in DLP 9.0. If you have a DLP agent installed - unless untill you whitelist that exe file for USB, you shouldn't be able to run that exe file. Check the DLP product guide for more info.

- AB

Re: How to block .exe from being executed in a USB storage device?

Use Removable Storage File Access Rule (under Device Rules section) to address this use case.

This rule is available with HDLP v9.

Re: How to block .exe from being executed in a USB storage device?

Hi,

If I understand the Removable Storage File Access Rule is to block the move of information from your PC to the USB, not from the USB to the PC.

I will try to be more clear:

Imagine that a guy came to his company PC and he wants to use for example the Firefox portable or another *.exe. How can I stop this kind of files from being executed?

Thanks

Carlos Ribeiro

Re: How to block .exe from being executed in a USB storage device?

Removable Storage Protection Rule (Protection Rule) is used to protect data moving from PC to USB.

Removable Storage Device Rule (Device Rule) is used to protect devices,

Removable Storage File Access Rule (Device Rule) is used to block applications from being run out of USB devices.

My original reply is accurate. From the Product Guide:

File access rules block removable storage media from running applications.

Message was edited by: vimalnavis on 6/21/10 6:23:38 PM CDT

Re: How to block .exe from being executed in a USB storage device?

Hi Vimalnavis,

Thanks for your answer but I still have a doubt. If we create one Removable Storage File Access Rule can we grant that only application (.exe, .msi) are blocked?

Thanks

Best Regards

Cribeiro

Liron
Level 7
Report Inappropriate Content
Message 7 of 8

Re: How to block .exe from being executed in a USB storage device?

Hi Cribeiro,

The Removable Storage File Access Rule blocks all executable applications (.exe, .msi, .bat, .cgi, .cmd, .zip, .rzr and etc.), apart from any specific applications you can define as whitelist applications (eg. a.exe), so you can't block only .exe, .msi

Regards,

Liron

Re: How to block .exe from being executed in a USB storage device?

can you specify an individual file type to block (ie mp3)?

If not, where can i find out what is blocked by default?

Also, with the removable storage file access rule it doesnt log anything to DLP monitor when a file has been blocked (which has been attempted to "open" on a USB device)? is this by design?

Thanks.

Message was edited by: mcafeee on 01/07/10 06:06:15 CDT
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center