• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3423
  • Last Modified:

Alert when USB key is connected

Hi,

We recently published policy forbidding USB key use on all company computers.  It appears that some users are ignoring the policy and continuing to use it and infecting computer with viruses.  We are using SEP 11.0.5021.385 and and it appears that device control portion of the software can block some or all USB keys.

At this point we don't to star actively blocking USB devices but would like to setup some type of an alert that when an external storage device is connected an administrative alert is generated. Is anyone aware if this is possible and how ?

Thank you,
Alex
0
alexL3
Asked:
alexL3
  • 2
  • 2
  • 2
  • +2
3 Solutions
 
mrroonieCommented:
you don't need symantec to do it - you could block use of them via group policy - http://www.petri.co.il/disable_usb_disks_with_gpo.htm



this may help too - http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
0
 
mrroonieCommented:
sorry, missed the first line of my post - not sure of any program that would alert you to their use, it would only be on the actual pc
0
 
jhalapradeepCommented:
Hi,

First of all make sure the policy is setup as mentioned in this document:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/b54beb2f46268ccc882574e80052960f?OpenDocument

using Device ID or fingerprint will be  more effective in this type of cases:

=> For notification:
1) You can schedule a report or monitor it from monitors tab,
2) Once on monitor's tab.. select logs, and select type as application and device control.
3) Now select device control and click on view log it will show you activities for device control
4) You can also schedule a report for  the same from reports tab.
5) From monitors tab you may configure the notification condition for this activity as well. so that a mail can be sent to a specified addres..
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008031219333348

regards,
Pradeep Jhala
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
alexL3Author Commented:
jhalapradeep:

Is it possible to allow all drives and only generate an alert?  

0
 
jhalapradeepCommented:
Hi,

Basic thing is that to get the alert or notification, there should be an application and device control policy enabled on the clients.
And in device control, you have option to block device and log blocked device but no logging for allowed device.
-> Still what you can do is you can use application control policy and select the appropriate action for the USB activity.
-> you in advanced you can also slect multiple options, like launch attemp, dll attempts and then in action field you can select "allow" and then also log the event or sent email option.

If you want to enable email notifications for application and device control events please follow these steps:
1) Create a device control policy to block USB.
2) Now goto monitors tab
3) Click on notification and click on Notification conditions button
4) Now click on add and select Client security Alert option
5) When this window opens, you will find application control events and device control events.
6) So once configured, whenver there is such event an email will be sent to configured email id.

Regards,
Pradeep Jhala
0
 
jimmymcp02Commented:
in case you have not configure your sep manager to connect to a mail server follow this kb
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032116480748 
0
 
xmachineCommented:
0
 
alexL3Author Commented:
None of these solutions, while good and helpful in getting me in the right direction, actually solved my issue... but Thanks all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now