
Automatic scan of USB-discs


We want to automatically scan USB drives when the stick is connected to the PC.

For that, we can use a 3rd-party program which can start a batch job when the stick is connected.

So we want to use the command-line commands to initiate a specific scan with VSE 8.8, but for this command it seems to be necessary that a task is created locally on each PC.

Normally we create tasks for updates etc. via ePO 4.6. So my question: is there a way to start the client task created at ePO via command line? Or can we find the task on our local machine?

Kind regards


2 Replies

Re: Automatic scan of USB-discs

You may want to think hard about doing this. In other words, you probably don't want to do this.

1. Virus Scan will scan the files as they are accessed. If they aren't accessed then who cares? If they are accessed then VSE covers it. It also covers anything that attempts to auto-run.

2. USB scanning is a major hit to the CPU. It has to do with the way USB works (I can elaborate if you really need).

3. What happens when someone sticks in a 2 TB drive and now the On Demand Scan takes hours to complete?

I think this is something you REALLY want to reconsider. If you make it work you will annoy your end users and you won't actually improve security at all. How can I help you reconsider?


Re: Automatic scan of USB-discs

I agree with Peter's points. Clients often ask me about this as well. While you can modify Windows settings such as autorun and default programs association, they require autorun which is a commonly exploited mechanism and now disabled by default.

If removable storage is a significant concern for you, I would suggest you start with a good business policy backed up with the ability to enforce rules using Device Control (DEC). DEC is a common component of most endpoint suites and has a very nice function which is the ability to prevent accessing executable files on removable media. If the executable (malware) cannot be executed, then you are significantly more secure. You can share all the data you want, e.g. PDFs, MS Office files, but no applications. It also mitigates the problem of users bringing portable browsers on removable media in order to bypass corporate web controls.

I work with many clients who initially deploy DEC in the background and monitoring mode first in order to understand what the actual usage is of removable devices. If you have DEC deployed on all endpoints, if you were to experience an outbreak, you would have the mechanism in place to immediately contain the situation.

In the absence of business policies, the information learned is often key to forming and obtaining business unit buy-in to stronger controls.
