Block USB writing policy doesn't work to network sharing USB drive.

book

Article ID: 156735

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Can not Block Writing to USB drives through the Network share

1. Apply the application control rule sets "Block writing to USB drives" to the client.
2. Insert the USB drive to the client and the drive displays "Drive *" on "My Computer".
3. Right click the "*" drive and share this drive, add "full control" permissions.
4. Access this USB drive "*" through the network share from local PC. 
5.USB drive can be writen . 

Resolution

This is a known issue. it is by_design.
Our OSP based on process information in user mode. we can block the user mode program read and write usb. but if using network share usb, the action of writing and reading are completed by kernel mode. so we can't block it. even using "File mon" can't find it read or write actions.


Applies To

SEP 11.*

SEP12.*