cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kbugshan
Level 7
Report Inappropriate Content
Message 1 of 7

Scan USBs once pluggedin

Hi,

I have ENS 10.5.3 and as per our security department request to fully scan any plugged-in USB once we enable it from DLP, so is there any configuration from ENS to scan full USB by force once plugged and shows the process of scanning, so the user can provide it to us.

Thanks

6 Replies
jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Scan USBs once pluggedin

@kbugshan ENS does not have the ability to detect and scan USBs once plugged in. Files on the USB would only be scanned once accessed by the system or a user. 

In order to have the USB actioned in some form immediately following insertion, you will need to look towards a separate product offering; McAfee File and Removable Media Protection. You can review what features are provided the Product Guide in PD28044.
If you are not yet licensed for this product, you can discuss options with your local Sales Representative or your Sales Account Manager (SAM) if you have one.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

kbugshan
Level 7
Report Inappropriate Content
Message 3 of 7

Re: Scan USBs once pluggedin

@ jess_arman

Thanks for your reply. We have DLP as it does not make sense that all McAfee Products that we have can not protect us once USB is plugged, FRP is not an option for us, please we need another existed option on the products that we have.

Thanks

jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Scan USBs once pluggedin

@kbugshan You will have to reach out to the DLP community or DLP Support in order to discuss potential options that may be available within the product to get close to what you're looking for. 

    Endpoint Security is an On-Access and On-Demand anti-malware solution. This means that any time an item is accessed or process takes action on the system, it is scanned, or when something is scheduled to be scanned on-demand it will also be scanned.
    Obviously, you cannot predict the time that a USB will be plugged in to schedule a scan against it, nor can you predict the drive letter it would fall under, thus prohibiting ODS as a solution. However, the moment that the system or any user, process, program, etc., attempted to access files on the USB, or if any process, program, or otherwise on the USB attempted to reach out to anything on the system/take action, then it would be scanned by On-access scan. Inert files that are on a USB are harmless to the environment until they attempt to take action.
    As such, it is redundant to have a USB be scanned upon insertion as the files would be scanned once accessed--similar to how scanning archive files in an On-Demand Scan is redundant as they would all be scanned the moment an attempt to extract the archive is performed.

    Does this help better clarify the crux of the situation in regards to the recommendations I can provide?

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

tzemva
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Scan USBs once pluggedin

Hi @kbugshan

Running automatic ODS scans on USB is not an option. The issue is that if you insert a 2 TB external drive you might experience very high resources utilization for long time due to us scanning the content of USB Drive.

Content of the USB drive will be scanned on read/write actions by On Access Scanner anyway.

kbugshan
Level 7
Report Inappropriate Content
Message 6 of 7

Re: Scan USBs once pluggedin

Hi @tzemva

No issue to do so as that is a request from SOC Department, would you please let me know how to do so? And would that effect any drives other than USBs.

tzemva
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Scan USBs once pluggedin

Hi @kbugshan

Currently it is not possible to perform automatic ODS scans when USB drive is connected. If you believe we should have this option please submit a new Product Idea request:

How to submit a new Product Idea (Product Enhancement Request)
Technical Articles ID: KB60021
https://kc.mcafee.com/corporate/index?page=content&id=KB60021

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community