Hi,
I have ENS 10.5.3, and as per our security department's request we need to fully scan any plugged-in USB once we enable it from DLP. Is there any configuration in ENS to force a full scan of a USB once it is plugged in and show the process of scanning, so the user can provide it to us?
Thanks
@kbugshan ENS does not have the ability to detect and scan USBs once plugged in. Files on the USB would only be scanned once accessed by the system or a user.
In order to have the USB actioned in some form immediately following insertion, you will need to look towards a separate product offering: McAfee File and Removable Media Protection. You can review what features are provided in the Product Guide, PD28044.
If you are not yet licensed for this product, you can discuss options with your local Sales Representative or your Sales Account Manager (SAM) if you have one.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
@jess_arman
Thanks for your reply. We have DLP, as it does not make sense that all the McAfee products that we have cannot protect us once a USB is plugged in. FRP is not an option for us; please, we need another existing option in the products that we have.
Thanks
@kbugshan You will have to reach out to the DLP community or DLP Support in order to discuss potential options that may be available within the product to get close to what you're looking for.
Endpoint Security is an On-Access and On-Demand anti-malware solution. This means that any time an item is accessed or a process takes action on the system, it is scanned, or when something is scheduled to be scanned on-demand it will also be scanned.
Obviously, you cannot predict the time that a USB will be plugged in to schedule a scan against it, nor can you predict the drive letter it would fall under, thus prohibiting ODS as a solution. However, the moment that the system or any user, process, program, etc., attempted to access files on the USB, or if any process, program, or otherwise on the USB attempted to reach out to anything on the system/take action, then it would be scanned by On-access scan. Inert files that are on a USB are harmless to the environment until they attempt to take action.
As such, it is redundant to have a USB be scanned upon insertion as the files would be scanned once accessed--similar to how scanning archive files in an On-Demand Scan is redundant as they would all be scanned the moment an attempt to extract the archive is performed.
Does this help better clarify the crux of the situation in regards to the recommendations I can provide?
Hi @kbugshan
Running automatic ODS scans on USB is not an option. The issue is that if you insert a 2 TB external drive, you might experience very high resource utilization for a long time due to us scanning the content of the USB drive.
Content of the USB drive will be scanned on read/write actions by On Access Scanner anyway.
Hi @tzemva
No issue to do so, as that is a request from the SOC Department. Would you please let me know how to do so? And would that affect any drives other than USBs?
Hi @kbugshan
Currently it is not possible to perform automatic ODS scans when a USB drive is connected. If you believe we should have this option, please submit a new Product Idea request:
How to submit a new Product Idea (Product Enhancement Request)
Technical Articles ID: KB60021
https://kc.mcafee.com/corporate/index?page=content&id=KB60021