Showing results for 
Search instead for 
Did you mean: 
Level 7

HIPS 8 with Win 7 x64 and Sig 1157

Hi all, I an doing some testing using SIG 1157 as I need to block any USB storage device from mounting on a set of machines.  Machines are running  After enabling it, I can still mount a usb storage device, and can see the keys being created in the following registry hive. \REGISTRY\MACHINE\SYSTEM\CONTROLSET\SERVICES\USBSTOR\ENUM.

I am stopped from creating new KEYS, but not from creating new values.  It looks like no new KEYS are created under ENUM when a new USB device is connected, just some new values.  Alerts are generated by HIPS when a new KEY is attempted tpo be created.

I have had a look at KB52372 (related to XP) and tried this, but nothing different.

The HIP content support directive does show (KB51504) Signature 1157 as being supported on Win 7 x64. 

Any suggestions please. 

Also, Device control is not an option at the moment.  I just need a brute force option to stop all USB memory devices. 

Thanks all.


0 Kudos