5 Replies Latest reply: Jan 9, 2014 7:13 AM by rmetzger

    Automatic USB scan

    romainl

      Happy new year to everybody.

       

       

      I work in a French hospital. We use McAfee Enterprise 8.8.

       

      Doctors use more and more USB flash drives, and I guess that can cause some problems. Is there a possibility to set up an automatic scan when the user inserts the drive, before he can use it? If so, can you tell me how to do it (or at least, give me a link to a documentation - tutorial, I didn't find it!)

       

      If not, I will have to disable all USB ports but I'm not sure people will like this solution.

       

      Thanks a lot,

       

      Message was edited by: romainl on 07/01/14 03:52:29 CST
        • 1. Re: Automatic USB scan
          Ex_Brit

          Moved to VSE for better support.

          • 2. Re: Automatic USB scan
            rmetzger

            Hi romainl

             

            Welcome to the forums.

            romainl wrote:

             

            I work in a French hospital. We use McAfee Enterprise 8.8.

             

            Doctors use more and more USB flash drives, and I guess that can cause some problems. Is there a possibility to set up an automatic scan when the user inserts the drive, before he can use it? If so, can you tell me how to do it (or at least, give me a link to a documentation - tutorial, I didn't find it!)

             

            If not, I will have to disable all USB ports but I'm not sure people will like this solution.

            Scanning entire USB (flash) drives 'automatically' is not very effective at stopping malware. It is very effective at killing performance and making USB drives useless. Performance issues with the USB interface, coupled with the recent incredible sizes of new USB attached drives can make scanning the entire drive so painfully slow that your doctors would find the system unusable.

             

            A better strategy is to scan all files upon Read and Write to the drive. As long as this is done, scanning the entire external drive is simply redundant without value. The On-Access Scanner can handle this nicely without the performance penalty of scanning the entire drive. Scanning the entire external drive before allowing access is simply a placebo scan, used to placate the uninformed or the paranoid.

             

            Make sure that from the Control Panel:

            On-Access Scan Properties>All Processes>Scan Items>Scan Files

                 Check "When reading from disk"

             

            Make the equivalent settings change from ePO if available.

             

            This will ensure that any file on the USB drive is scanned prior to execution (autorun or otherwise).

             

            This setting should be in place regardless of external drives as this is an Absolute Requirement for stopping many forms of malware, for internal drives too.

             

            In addition, make sure that from the Control Panel:

            On-Access Scan Properties>All Processes>Scan Items>Scan Files

                 Check "When writing to disk"

             

            to ensure that files written to the USB drive are scanned during the write process.

             

            These 2 settings should protect against spreading malware when keeping the signature files completely up to date.

             

            Of course a bigger problem is the loss of control of information sent to a USB drive out of the control of Security. Are doctors taking this info home? What is the security status of the non-hospital controlled PCs on which these drives are subsequently used? Can you ensure patient privacy?

             

            So, possibly disabling USB ports may be a solution. Check out McAfee DLP (Data Loss Prevention).

             

            Good luck,

            Ron Metzger

             

            Message was edited by: rmetzger on 1/8/14 3:54:50 PM EST

             

            Message was edited by: rmetzger on 1/8/14 4:03:32 PM EST
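
An added example, not part of the original posts and not McAfee tooling: one way to confirm that the "When writing to disk" and "When reading from disk" settings described in reply 2 actually take effect on a removable drive, using the standard harmless EICAR test string. The file name `oas-selftest.com`, the default drive letter `E:\` and the settle delay are assumptions made for this example.

```python
import os
import sys
import time

# Standard EICAR anti-malware test string (harmless), split in two so this
# script is not itself quarantined by the scanner under test.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TEST_NAME = "oas-selftest.com"  # hypothetical file name chosen for this example


def probe_write(directory, settle=3.0):
    """Write the test file; report whether the scanner reacted to the write."""
    path = os.path.join(directory, TEST_NAME)
    try:
        with open(path, "w", newline="") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked", path
    time.sleep(settle)  # on-access scanners may delete the file shortly after close
    return ("not_detected" if os.path.exists(path) else "removed"), path


def probe_read(path):
    """Read the file back; an access error means the read scan intervened."""
    try:
        with open(path, "r", newline="") as fh:
            return "not_detected" if fh.read() == EICAR else "altered"
    except OSError:
        return "blocked"


def check_drive(directory, settle=3.0):
    """Return {'write': ..., 'read': ...}; read is None if the write was caught."""
    write_result, path = probe_write(directory, settle)
    read_result = probe_read(path) if write_result == "not_detected" else None
    try:
        os.remove(path)  # clean up if the scanner left the file behind
    except OSError:
        pass
    return {"write": write_result, "read": read_result}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "E:\\"  # assumed drive letter
    outcome = check_drive(target)
    print(outcome)
    sys.exit(1 if "not_detected" in outcome.values() else 0)
```

A `write` result of `not_detected` means the test file landed on the drive unscanned; the `read` probe only runs in that case, since otherwise there is no file left to read.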
            • 3. Re: Automatic USB scan
              rmetzger

              Hi romainl,

               

              Check out this Entire thread for some good info.

              https://community.mcafee.com/thread/51185?start=0&tstart=0

               

              Ron Metzger

              • 4. Re: Automatic USB scan
                romainl

                Thanks a lot !

                • 5. Re: Automatic USB scan
                  rmetzger

                  You're welcome, and good luck.

                   

                  Ron Metzger