Hi all, I an doing some testing using SIG 1157 as I need to block any USB storage device from mounting on a set of machines. Machines are running After enabling it, I can still mount a usb storage device, and can see the keys being created in the following registry hive. \REGISTRY\MACHINE\SYSTEM\CONTROLSET\SERVICES\USBSTOR\ENUM.
I am stopped from creating new KEYS, but not from creating new values. It looks like no new KEYS are created under ENUM when a new USB device is connected, just some new values. Alerts are generated by HIPS when a new KEY is attempted tpo be created.
I have had a look at KB52372 (related to XP) and tried this, but nothing different.
The HIP content support directive does show (KB51504) Signature 1157 as being supported on Win 7 x64.
Any suggestions please.
Also, Device control is not an option at the moment. I just need a brute force option to stop all USB memory devices.