2 Replies Latest reply on Aug 20, 2012 10:48 AM by challiwag

    Device Control rule - Block USB if infected (Is this possible)

    DarrenFord

      Hi All,

       

      I am rather new to device control and I have a customer who would like to block USB devices if they are infected with a virus.

       

      We are using Device control 9.2 and its running via ePO 4.5

       

      Thanks in advance...

      Regards

      Darren

        • 1. Re: Device Control rule - Block USB if infected (Is this possible)

          No, this is not possible - DLP would have to scan every file on the device prior to making a decision whether to block it or not - this could take minutes/hours depending on the capacity.

           

          By which time the user will have either given up and called support to ask why their device was not working, or infected their machine.

          • 2. Re: Device Control rule - Block USB if infected (Is this possible)
            challiwag

            Well, you could do something funky using results coming back from on access scanner.

            Something along the line of if malware is found apply a tag to the machine, then you could assign a policy based on a tag, this policy could be to block all removable media.

            Not sure how fast it would all work, sounds good in theory, not sure in practice.

            Think you would have to use ePO 4.6 as well, cant remember if you can assign policies based on tags in 4.5

             

            Message was edited by: challiwag on 20/08/12 10:48:36 CDT