2 Replies Latest reply on Aug 27, 2012 12:03 PM by Sean Slattery

    Automatic scan of USB-discs

      Hi,

       

      we want to automatically scan usb-drives when the stick is connected with the PC.

       

      For that, we can use an 3rd-party prog which can start a batch-job when the stick is connect.

       

      So we want to use the command-line commands for initiate a specific scan with VSE 8.8, but for this command it seems to be neccessary that a task is created locally on each PC.

      Normally we create task for updates etc via ePo 4.6. So my question: is there a way to start the client-task created at epo via command line? Or can we find the task on our local machine?

       

      Kind regards

      Sebastian

        • 1. Re: Automatic scan of USB-discs
          petersimmons

          You may want to think hard about doing this. In other words, you probably don't want to do this.

           

          1. Virus Scan will scan the files as they are accessed. If they aren't accessed then who cares? If they are accessed then VSE covers it. It also covers anything that attempts to auto-run.

          2. USB scanning is a major hit to the CPU. It has to do with the way USB works (I can elaborate if you really need)

          3. what happens when someone sticks in a 2 TB drive and now the On Demand Scan takes hours to complete?

           

          I think this is something you REALLY want to reconsider. If you make it work you will annoy your endusers and you won't actually improve security at all. How can I help you reconsider?

          • 2. Re: Automatic scan of USB-discs
            Sean Slattery

            I agree with Peter's points. Clients often ask me about this as well. While you can modify Windows settinsg such as autorun and default programs association, they require autorun which is a commonly exploited mechanism and now disabled by default.

             

            If removable storage is a significant concern for you, I would suggest you start with a good business policy backed up with the ability to enforce rules using Device Control (DEC). DEC is a common component of most endpoint suites and has a very nice function which is the ability to prevent accessing executable files on removable media. If the executable (malware) cannot be executed, then you are significantly more secure. You can share all the data you want e.g. pdfs, MS Office files, but no applications. It also mitigates the problem of users brining portable browsers on removable media in order to bypass corporate web controls.

             

            I work with many clients who initially deploy DEC in the background and monitoring mode first in order to understand what the actual usage is of removable devices. If you have DEC deployed on all endpoints, if you were to experience an outbreak, you would have the mechanism in place to immediately contain the situation.

             

            In the absence of business policies, the information learned is often key to forming and obtaining business unit buy-in to stronger controls.