USB Security under Microsoft Windows

Protect the USB storage device
To disable only write access to USB storage devices (XP SP2 and above only!), go to the registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies

add:

DWORD: WriteProtect=1


To disable the write protection, remove the DWORD value or set it to 0 (zero).

Preventing your USB drive from auto-infecting
Even if your computer is protected, the USB drive could still become infected on other computers and have a malicious autorun.inf and related files added to it. There are two ways to deal with this:

1) Use the following bat file to protect or unprotect your USB drive. The embedded instructions assume you named this file usbarpro.bat
@echo off
cls
if [%1]==[p] goto prot-prot
if [%1]==[P] goto prot-prot
if [%1]==[u] goto prot-unprot
if [%1]==[U] goto prot-unprot
::above - check protect or unprotect
goto prot-about
:prot-prot
if exist %2:\autorun.inf goto prot-bad
::file already exists - break out
md %2:\autorun.inf
::make dir
md \\.\%2:\autorun.inf\CON
::make illegal file names below
echo www.kalman.co.il>\\.\%2:\autorun.inf\CON\PRN
echo www.kalman.co.il>\\.\%2:\autorun.inf\LPT1
echo www.kalman.co.il>\\.\%2:\autorun.inf\LPT2
::change directory attributes
attrib +s +h +r %2:\autorun.inf
::for ntfs file systems remove everyones rights
echo y|cacls %2:\autorun.inf /t /c /d system >nul
cls
echo y|cacls %2:\autorun.inf /t /c /e /r system >nul
cls
echo Protection activated on drive %2:
goto prot-end
:prot-unprot
echo y|cacls %2:\autorun.inf /t /c /g %username%:f >nul
cls
attrib -s -h -r %2:\autorun.inf
del \\.\%2:\autorun.inf\CON\PRN
rd \\.\%2:\autorun.inf\CON
del \\.\%2:\autorun.inf\LPT1
del \\.\%2:\autorun.inf\LPT2
rd %2:\autorun.inf
echo Protection removed from drive %2:
goto prot-end
:prot-bad
echo Autorun.inf file/directory already exist on drive %2: - Please remove it first!
echo You can also try running this tool with the unprotect option.
echo.
:prot-about
echo Syntax:
echo.
echo To Protect drive E:	usbarpro p e
echo To Unprotect drive E:	usbarpro u e
echo.
echo DO *NOT* TYPE A COLON AFTER THE DRIVE LETTER!!
echo.
:prot-end
echo.
echo.
echo USB Autorun Protect Tool V1.2 - Protect the storage device (FAT/FAT32/NTFS)
echo (C) All Rights Reserved - Erez Kalman - www.kalman.co.il
echo Free for use and distribution, may not be sold/modified in any way!
echo.
echo.
echo on


Note: This USB Security tool (free and open source) bat file is available as a download from the author's site (http://www.kalman.co.il/file-cabinet/usbarpro_v_1_2.rar?attredirects=0)

2) Panda security tool - Unlike the first tool, this tool does NOT allow protection to be removed without formatting the storage device.
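To check which removable drives already carry the placeholder and which hold a real autorun.inf, the following read-only PowerShell script can be used. It is an added example, not part of the original article or of the usbarpro tool; the function names and the sample autorun.inf lines are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report the state of autorun.inf on every removable drive (read-only).

function Get-AutorunCommand {
    param([string[]]$Lines)
    # Keys in autorun.inf that name something to execute.
    $pattern = '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{ Key = $Matches[1]; Command = $Matches[2].Trim() }
        }
    }
}

function Get-AutorunState {
    param([string]$Root)   # drive root, e.g. 'E:\'
    $path = Join-Path $Root 'autorun.inf'
    # -Force is needed because the entry is usually hidden and system.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return 'absent: nothing stops an autorun.inf file being written' }
    if ($item.PSIsContainer) {
        return 'directory: placeholder present, a file of that name cannot be created'
    }
    $lines = Get-Content -LiteralPath $path -ErrorAction SilentlyContinue
    $cmds  = @(Get-AutorunCommand $lines)
    if ($cmds.Count) {
        $list = ($cmds | ForEach-Object { "$($_.Key)=$($_.Command)" }) -join '; '
        return "file with launch entries: $list"
    }
    'file without launch entries'
}

# Constructed sample content, used only to show what the parser extracts.
$sample = '[autorun]', 'open=setup.exe', 'icon=setup.ico', 'shell\open\command=setup.exe'
Get-AutorunCommand $sample | Format-Table -AutoSize

# Win32_LogicalDisk DriveType 2 = removable disk.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    [pscustomobject]@{
        Drive   = $_.DeviceID
        Autorun = Get-AutorunState "$($_.DeviceID)\"
    }
} | Format-Table -AutoSize -Wrap
```

A drive reported as "file with launch entries" should be examined before the file is removed and the protection applied.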

Blocking USB storage devices
If this is a new system with no USB storage device ever connected:

Set deny permissions for the user/s and/or group/s to:
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf
It is highly recommended to rename the files before changing permissions.

If you aren't sure or know a USB storage device was previously connected:

Either run this on the machine or make the same change yourself. Change:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
Key: Start

To: 4 (Hex)


Disabling autorun (autorun.inf) from being run by your computer
IMPORTANT!! Read this page by US-CERT: systems must have KB953252 (Vista/2008) or KB967715.
If you do not have the KB on all systems, update them and/or use the following method recommended by US-CERT: create a .reg file with:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


It is critical to restart the system after updating the registry or deleting the registry key:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

If the systems have the KB, you can use the official Microsoft method for disabling autorun.
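To confirm that the registry settings from the sections above are actually in place on a machine, the following read-only PowerShell audit can be run. It is an added example, not part of the original article; the function name and report layout are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the registry settings described in this article.
# It changes nothing; run it in a PowerShell session on the machine being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value does not exist.
    try { (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# Each check: registry path, value name, and the value this article sets.
$checks = @(
    @{ Setting  = 'USB storage write protection'
       Path     = 'HKLM:\System\CurrentControlSet\Control\StorageDevicePolicies'
       Name     = 'WriteProtect'
       Expected = 1 },
    @{ Setting  = 'USB storage driver disabled'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'
       Name     = 'Start'
       Expected = 4 },
    @{ Setting  = 'Autorun.inf mapping (US-CERT method)'
       Path     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
       Name     = '(default)'
       Expected = '@SYS:DoesNotExist' }
)

$report = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $shown  = if ($null -eq $actual) { '<not set>' } else { $actual }
    [pscustomobject]@{
        Setting  = $c.Setting
        Expected = $c.Expected
        Actual   = $shown
        # Compare as strings so DWORD and string values use the same test.
        Applied  = ($null -ne $actual) -and ("$actual" -eq "$($c.Expected)")
    }
}
$report | Format-Table -AutoSize
```

A row with Applied = False means that control is not set on this machine; whether it should be depends on which of the article's options you chose (write protection and blocking the driver are alternatives).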

Conficker / Downad virus
You can visit www.kalman.co.il/conficker_downad to use the "eye chart" and see if your computer is infected.
To clean your computer, use the McAfee STINGER tool; to scan your network, use the McAfee Conficker detection tool.
Remember - ALL computers must be patched, especially with Microsoft patch MS08-067.
Author: kaerez