2 Replies Latest reply on Sep 2, 2015 4:48 AM by bretzeli

    DLP 9.3.400.23 SD-Card in HP 6300 22in1 Media Card Reader

    bretzeli

       

      DLP 9.3.400.23 SD-Card in HP 6300 22in1 Media Card Reader

       

      Hello,

       

        * DLP 9.3.400.23 / Win7 64BIT ALL Windows Updates, Immidio Flexprofiles, APPDATA Redirection

      * Sample HP 6300 with 22in1 media Card Reader (Will also be same discussion with laptops they have)

      * Existing Forum entry’s where all read as example we on our side see "USBTSOR/DISK" and NOT as in forum "USBSTOER/DISK_SD" so I’m even more afraid of blocking on that ID (because just /DISK)

      * We have a removable Device RULE we include USB AND FAT16/32

      * We have a removable Device RULE we exclude USB and Volume Serial Number: FFFF-FFFF  (Which is the empty reader)

        

      Both stripped down to make it more overview in debug to what we think is needed do difference the CARD-READER from the Media

        

      * We have around 10 Device Definition with Exact the specs from the Media Card changer to exclude/include

      * If the SD card goes in and OUT > In Hardware manager nothing appears or disappears but you can access the SD-card! That’s different to the forum blogs.

       

       

      With the TWO rules i don't see an Event when something is inserted. We have alerts / Notification running. And if we change something the process is working (As test to see if all works fine from structure)

      Both have been more complex. But we stripped down for error analyse now.

       

       

      Problem:

       

       

      - Customer wants to keep the 22in1 Media card Reader

      - All removable shall be protected also SD-cards

      - On a machine without intervention we have periodic DLP events on the Card Readers by the machine itself (Some standby or Hibernate or check itself > Most process are excluded who could to that). We stripped GPO, Clients, Third Part, Excluded all mcafee itself but still came in interval unclear. Some kind of Refresh of the 22in1 itself. Maybe USB Hub Power standby which gets cimplicated to Solve with GPO or Power profiles.

       

       

      Welcome and open to any help or tips ;-)

       

       

      Greetings from a Mcafee Partner.

       

       

       

       

      That we WANT:

      Header 1

       

      Device Class GUID: 4D36E967-E325-11CE-BFC1-08002BE10318 

       

      Device Class Name: Laufwerke 

       

      Device Name: Generic- USB3.0 CRW-SD USB Device 

       

      Device Compatible ID: FFF 

       

      Device Instance ID: USBSTOR\Disk&Ven_Generic-&Prod_USB3.0_CRW-SD&Rev_1.00\201305311000&1 

       

      Bus Type: USB 

       

      Vendor ID: 0BDA 

       

      Product ID: 0301 

       

      USB Serial Number: 201305311000 

       

      USB Class: 08h - Mass Storage 

       

      Device File-System Access: Read - Write 

       

      Volume Serial Number: 1B19-6341 

       

      Device File System Type: FAT32 

       

      That is the Event from CARD 22in1 we DONT want

       

      Device Class GUID: 4D36E967-E325-11CE-BFC1-08002BE10318 

       

      Device Class Name: Laufwerke 

       

      Device Name: Generic- USB3.0 CRW-CF/MD USB Device 

       

      Device Compatible ID: USBSTOR\Disk

       

      Device Instance ID: USBSTOR\DISK&VEN_GENERIC-&PROD_USB3.0_CRW-CF/MD&REV_1.00\201305311000&0 

       

      Bus Type: USB 

       

      Vendor ID: 0BDA 

       

      Product ID: 0301 

       

      USB Serial Number: 201305311000 

       

      USB Class: 08h - Mass Storage 

       

      Device File-System Access: Read - Write

       

      Volume Serial Number: FFFF-FFFF 

       

       

       

       

       

       

      Forum:

      Re: Trouble blocking SD chips?

        • 1. Re: DLP 9.3.400.23 SD-Card in HP 6300 22in1 Media Card Reader

          SD cards are not USB sticks - in a USB Stick, the storage and controller are integrated together - that's why each one appears as a device. An SD Card, the controller is always in your PC - it's like a floppy disk, in that you insert media - you don't insert a device.

           

          So you're not going to be able to control SD Cards with a USB rule, well, unless you block the entire 22in1 device.

           

          Now to add a level of complexity, some multi-card readers emulate a usb drive for sd cards (you might have this one) - but as you can see, they present them as a generic device - so you might not be able to differentiate between a generic USB stick, and an inserted SD card.

           

          What "protection" are you trying to apply? What's the behavior you are trying to achieve?

          • 2. Re: DLP 9.3.400.23 SD-Card in HP 6300 22in1 Media Card Reader
            bretzeli

            Hello Simon, Is see you live in Naples.The beaches there and Sanibel Island are my favorite holiday destination (Just the public little beach the rest in can't afford ;-) if i have ever time to get to Florida.

             

            * The DLP function itself should primary not be used at this stage

            * The customer wants to Block any USB/Portable Media for READ & WRITE mainly to controll Malware coming into the box

            * The version they have is the HP22in1 Media Card Reader on different HP 6XXX HP Models

            * We enver sell or use Mediacrd Reader HP modell for corporate customers. They customer has bought the clients himself and that's what happens

            * He still would like to use the Media Card Reader on some clients

             

            "Now to add a level of complexity, some multi-card readers emulate a usb drive for sd cards"

            Yes and there is also the refresh or Standby effect which appears every X hours we seen. We first though it was related to GPO refresh. This generated Events which we don't want.