What file types are blocked in policy "Block programs from running from removable drives [AC2]"

book

Article ID: 172020

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You apply a policy to block applications from starting on removable drives using Symantec Endpoint Protection (SEP).

What file types are blocked?

Resolution

This rule prevents processes from being run on the removable media directly.  This includes all types of files that are considered application files.

This rule does NOT prevent files from being copied to the local drive.  If a user is blocked from running the process on the removable drive, they can still copy the file(s) to the local drive and run the process there.

This rule does NOT block script files or .bat files.  Any file type that has a file association can still start the application on the hard drive.  For example, if opening a .txt file on the removable drive, it will open notepad.exe on the computer.  Same thing as an mp3 file will open Windows Media Player or default player.  Although it does not block scripts from running on the removable media, it will block calls in a script from running a process file located on the removable drive.

To block scripts and other type of files from running on the removable media, another rule must be enabled.  For example, the default rule "Block access to scripts" rule.