Problem to OfficeScan

Hi,
Is there a way to resolve the lock from OfficeScan of TrendMicro, to access USB hard-drive?
LVL 11
HuaMin ChenSystem AnalystAsked:
Who is Participating?
 
btanExec ConsultantCommented:
The block is part of Officescan device control data protection scheme. USB is part of its monitoring device interface regardless data protection activation state. See this useful overview which the below pts will be alluding to.
e.g. http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_olhsrv/ohelp/device/dctrl.htm

First, it is to make sure the unblocking is to sieve out any false positive and the device log may be a good area to see the block of "unauthorised" access
e.g. http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_olhsrv/ohelp/device/dctrllog.htm#XREF_47420_Device_Control_Logs

Second, consider to block access to all USB storage devices, except those that have been added to the list of approved devices. you can use Device list tool to get the vendor and product id to include it in the exception list of approved device to allow (and block the rest of other USB).
e.g. http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_olhsrv/ohelp/data/devlisto.htm#XREF_86289_Device_List_Tool

Minimally I suggest having to block autorun from USB drive (thumbdrive, HDD, etc)
e.g. http://esupport.trendmicro.com/Pages/Using-Device-Access-Control-to-protect-your-computer-against-Autorun-malware.aspx
e.g. https://akbaraji.wordpress.com/2013/06/05/trend-micro-officescan-block-usb-storage-device/

Third, consider other permission instead of direct block for more granular permission setting such as read only, etc if there are constant request or based on the workstation usage purpose and authorised scope of work . Typically for reference, Officescan recommend below for USB and other media type.
For Plugin Devices like USB drives, set permission to Read and Write Only.
For Optical Disk like CDROM drives, set permission to Read and Execute Only.
For Floppy drives, set permission to Read and Write Only.
For Network Resources such as mapped drives, set permission to Read Only.
0
 
HuaMin ChenSystem AnalystAuthor Commented:
Many thanks Btan. where should I adjust its permission to Read and Write, due to this problem below?
25a
0
 
btanExec ConsultantCommented:
Should be under Device Control setting, see under
To manage access to external devices (Data Protection activated):
To manage access to external devices (Data Protection not activated):
To configure Device Control:
Log on to the OfficeScan management console
Go to any of the following:
For OfficeScan 10.x: Go to Networked Computers > Client Management and then select the target agents or domains from the client tree.
For OfficeScan 11.0: Go to Agents > Agent Management, and then select the target clients or domains from the client tree.
On the toolbar above the client tree, click Settings > Device Control Settings.
http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_olhsrv/ohelp/device/dctrl.htm

There is also a screen capture on the permission under the internal client in below
https://akbaraji.wordpress.com/2013/06/05/trend-micro-officescan-block-usb-storage-device/

Note: Device Control is available only on computers running x86(32-bit) type platforms.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.