1 2 3 Previous Next 23 Replies Latest reply: Jul 29, 2013 3:52 AM by ynod RSS

    Trouble blocking SD chips?

    Mindcrime

      I'm having some issues getting SD chips blocked in the device management section. I'm able to successfully block other types of removable storage, but I can't get a policy working in the removable storage or P&P sections to work that successfully block FAT16/32 based SD chips. Anyone have any ideas I could try?

       

      EDIT: Also, I'm trying to use some pretty general definitions so I don't have to go in and specify exact models or manufacturers of chips.

       

       

      Message was edited by: Mindcrime on 1/5/10 3:49:07 PM GMT-06:00
        • 1. Re: Trouble blocking SD chips?
          jstanley

          The following info would be helpful:

          • Are you using a tag-based rule or a straight-forward blocking rule?
          • What kind of protection rule are you using? Mass storage device or PnP?
          • Do these chips show up with an associated drive letter or do they just appear in "My Computer" as a device?
          • How are you defining these chips? (partial VID? Device Class? etc)

           

          Thanks!

           

           

          Message was edited by: Jeremy Stanley on 1/6/10 9:36:36 AM CST
          • 2. Re: Trouble blocking SD chips?
            Mindcrime

            I ended up resolving this myself, although I'm not thrilled with the results. The only way I could get the device to be blocked was to create a P&P device definition that blocked the "Windows Portable Devices" device class. There were no removeable media options that I could find that would work, which is a shame.

             

            The SD chip showed up as removable storage in Windows 7 with a drive letter assigned to it, just like any other USB stick or other such device. Not entirely sure why it was so hard to define and block this device when it was so easy to block everything else.

             

            To answer your questions:

            Are you using a tag-based rule or a straight-forward blocking rule?

            Tagging didn't come into this at all, I'm only dealing with device management/blocking at this time.

             

            What kind of protection rule are you using? Mass storage device or PnP?

            I mentioned this in my initial post, I tried both but was hoping for mass storage since the options are more flexible there.

             

            Do these chips show up with an associated drive letter or do they just appear in "My Computer" as a device?

            Both, no different than any other device, USB or otherwise.

             

            How are you defining these chips? (partial VID? Device Class? etc)

            I mentioned this in my first post too, I was trying to not device anything specific to my test SD chip (like manufacturer) because I want the rule to apply to any SD chip. I prefer to be general with rule applications so I catch as much as possible and I'll make exceptions or changes as needed.

            • 3. Re: Trouble blocking SD chips?
              jstanley

              Do these chips show up with an associated drive letter or do they just appear in "My Computer" as a device?

              Both, no different than any other device, USB or otherwise.

               

              This point is critical. Not all devices that you can copy files to show up in "My Computer" with an associated drive letter (iPods for example do not). Mass storage device rules will not work unless the device has a drive letter assignment. If the device does have a drive letter assignment and it a mass storage device rule will not work then that particular device is not being recognized as a mass storage device for some reason. I'd have to have more details on exactly how the device appears in device manager to figure out why exactly that is.

              • 4. Re: Trouble blocking SD chips?
                Mindcrime

                It shows up in Windows 7 with a drive letter and is listed under the "Portable Devices" section of Windows device manager.

                • 5. Re: Trouble blocking SD chips?
                  jstanley

                  Then it must not be recognized as a mass storage device for some reason. When you plug the device in where does it appear in device manager? The flash drive I use to test with for example shows up under the Disk drives section in device manager which is odd because their is technically no disk involved

                   

                   

                  Message was edited by: Jeremy Stanley on 1/6/10 12:43:52 PM CST

                   

                   

                  Message was edited by: Jeremy Stanley on 1/6/10 12:44:13 PM CST
                  • 6. Re: Trouble blocking SD chips?
                    Mindcrime

                    Windows 7 categorizes your drives when you double click on My Computer - mine has "Hard Disk Drives", "Devices With Removable Storage", and "Network Drives". This device shows up under Devices With Removable Storage and the drive letter E:. I already mentioned where it shows up in Windows device manager, it's under "Portable Devices".

                    • 7. Re: Trouble blocking SD chips?
                      SafeBoot

                      It's interesting to note - what exactly were you plugging it into?

                       

                      I imagine you have an SD slot on your laptop or something - remember, an SD card is most certainly not a USB storage device, the two are very different things indeed. The SD device on your laptop is always there, it, like a floppy disk of old, just does not have media in it sometimes.

                       

                      confusing I know, and yes, you may rightly claim that it's the software's problem not yours to work this out, but perhaps it makes it clearer why things are not working the way you expect.

                      • 8. Re: Trouble blocking SD chips?
                        Mindcrime

                        It is indeed a SD card reader on my laptop.

                         

                        I have a pretty broad rule that blocks almost everything that you would see in your environment under the removable storage rule. It blocks all bus types and almost all file systems. I guess the problem here is that the SD card reader, and thus the media that gets plugged in to it, doesn't fit the criteria to match any of these bus types. Even though this is clearly removable media, and a pretty common type of removable media, the interface that you use to access it on your PC doesn't fall under the bus type categories that most other common removable storage use (USB, etc.).

                        • 9. Re: Trouble blocking SD chips?
                          jstanley

                          I do apologize I thought you meant it showed up under "Portable devices" in "My Computer" my mistake. I suspect that is why the mass storage device rule is not detecting the device. Well to be clear if a simply defined mass storage device rule is not blocking the device but a similarly defined PnP rule is then that is going to be the case I was just trying to figure out exactly why we were not detecting this device as a mass storage device.

                          1 2 3 Previous Next