alexL3
asked on
Alert when USB key is connected
Hi,
We recently published policy forbidding USB key use on all company computers. It appears that some users are ignoring the policy and continuing to use it and infecting computer with viruses. We are using SEP 11.0.5021.385 and and it appears that device control portion of the software can block some or all USB keys.
At this point we don't to star actively blocking USB devices but would like to setup some type of an alert that when an external storage device is connected an administrative alert is generated. Is anyone aware if this is possible and how ?
Thank you,
Alex
We recently published policy forbidding USB key use on all company computers. It appears that some users are ignoring the policy and continuing to use it and infecting computer with viruses. We are using SEP 11.0.5021.385 and and it appears that device control portion of the software can block some or all USB keys.
At this point we don't to star actively blocking USB devices but would like to setup some type of an alert that when an external storage device is connected an administrative alert is generated. Is anyone aware if this is possible and how ?
Thank you,
Alex
sorry, missed the first line of my post - not sure of any program that would alert you to their use, it would only be on the actual pc
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
jhalapradeep:
Is it possible to allow all drives and only generate an alert?
Is it possible to allow all drives and only generate an alert?
Hi,
Basic thing is that to get the alert or notification, there should be an application and device control policy enabled on the clients.
And in device control, you have option to block device and log blocked device but no logging for allowed device.
-> Still what you can do is you can use application control policy and select the appropriate action for the USB activity.
-> you in advanced you can also slect multiple options, like launch attemp, dll attempts and then in action field you can select "allow" and then also log the event or sent email option.
If you want to enable email notifications for application and device control events please follow these steps:
1) Create a device control policy to block USB.
2) Now goto monitors tab
3) Click on notification and click on Notification conditions button
4) Now click on add and select Client security Alert option
5) When this window opens, you will find application control events and device control events.
6) So once configured, whenver there is such event an email will be sent to configured email id.
Regards,
Pradeep Jhala
Basic thing is that to get the alert or notification, there should be an application and device control policy enabled on the clients.
And in device control, you have option to block device and log blocked device but no logging for allowed device.
-> Still what you can do is you can use application control policy and select the appropriate action for the USB activity.
-> you in advanced you can also slect multiple options, like launch attemp, dll attempts and then in action field you can select "allow" and then also log the event or sent email option.
If you want to enable email notifications for application and device control events please follow these steps:
1) Create a device control policy to block USB.
2) Now goto monitors tab
3) Click on notification and click on Notification conditions button
4) Now click on add and select Client security Alert option
5) When this window opens, you will find application control events and device control events.
6) So once configured, whenver there is such event an email will be sent to configured email id.
Regards,
Pradeep Jhala
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
None of these solutions, while good and helpful in getting me in the right direction, actually solved my issue... but Thanks all.
this may help too - http://support.microsoft.com/default.aspx?scid=kb;en-us;823732