How to block CD/DVD Writing in Windows 7

Article ID: 151515

Products

Endpoint Protection

Issue/Introduction

Blocking imapi.exe no longer blocks CD/DVD writing in Windows 7 like it once did in Windows XP.

CD or DVD writing continues without restriction.

Cause

Symantec Endpoint Protection (SEP) cannot block CD/DVD writing directly. This is a known limitation of Application and Device Control (ADC), documented in the Administration Guide for Symantec Endpoint Protection and Symantec Network Access Control.

Resolution

To work around this problem, create an Application and Device Control policy that blocks the specific DLLs that write to CD or DVD drives.

  1. Log into the Symantec Endpoint Protection Manager (SEPM).
  2. Click on Policies.
  3. Select Application and Device Control.
  4. Click Add an Application and Device Control policy.
  5. Type in a context-relevant Policy name, e.g. "Block CD-DVD burning on Windows 7".
  6. Click on Application Control in the left-hand pane. In the right-hand pane, under "Application Control Rule Sets", click Add.
  7. Click on the Add button at the bottom of Rules, and from the popup menu select Add Condition and then File and Folder Access Attempts.
  8. Click Properties.
  9. Type a context-relevant Name for this condition, e.g. "Block accesses to IMAPIv2 DLLs".
  10. To the right of Apply to the following files and folders, click Add.
  11. Add the following file paths for File or Folder Name to Match, clicking OK after each and repeating Add from the previous step.

    %SystemRoot%\SysWOW64\imapi2.dll
    %SystemRoot%\SysWOW64\imapi.dll
    %SystemRoot%\SysWOW64\imapi2fs.dll
    %SystemRoot%\System32\imapi2.dll
    %SystemRoot%\System32\imapi.dll
    %SystemRoot%\System32\imapi2fs.dll

  12. Click on the Actions tab and select Block Access in both the "Read Attempt" and "Create, Delete, or Write Attempt" sections.
  13. Click on the Add button at the bottom of Rules, and from the popup menu select Add Condition and then File and Folder Access Attempts.
  14. Click Properties.
  15. Type a context-relevant Name for this condition, e.g. "Block all but read attempts on CD-DVD drive".
  16. To the right of Apply to the following files and folders, click Add.
  17. Add a single asterisk ( * ) for File or Folder Name to Match.
  18. Check Only match files on the following drive types.
  19. Check only the CD/DVD drive checkbox.
  20. Click on OK.
  21. Click on the Actions tab, select Continue processing other rules for the "Read Attempt" section, and select Block Access and check Enable logging in the "Create, Delete, or Write Attempt" section.
  22. Click on OK.
  23. Click on the Add button at the bottom of Rules, and from the popup menu select Add Condition and then Launch Process Attempts.
  24. Click Properties.
  25. Type a context-relevant Name for this condition, e.g. "Block ISO burning".
  26. Check Enable this condition.
  27. To the right of Apply to the following processes, click Add.
  28. Add the following Process name to match:

    isoburn.exe

  29. Click OK.
  30. Click on the Actions tab and select Block Access.
  31. Check Enable logging.
  32. Click on OK.
  33. Save the policy and assign it to any desired groups.

If you check Enable logging, operations that are blocked or permitted are recorded in the control log of the SEP client.
When you burn a disc from a disc image (including burning with the Mastered format in Windows), the control log records the drive name as the file name that was written.
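
To confirm on a client that the first condition is in effect after the policy is assigned, the following PowerShell check (an added example, not part of the original article or of Symantec's tooling) tries to read each of the six DLLs listed above and to activate the IMAPIv2 COM object. The function name `Test-BurnBlock` is illustrative, and the ProgID `IMAPI2.MsftDiscMaster2` is the standard Windows IMAPIv2 entry point rather than something taken from this article.

```powershell
# Added example, not from the original article. Run on the Windows 7 client
# after the policy is assigned. The function name is illustrative.
$ImapiDlls = @(
    '%SystemRoot%\SysWOW64\imapi2.dll',
    '%SystemRoot%\SysWOW64\imapi.dll',
    '%SystemRoot%\SysWOW64\imapi2fs.dll',
    '%SystemRoot%\System32\imapi2.dll',
    '%SystemRoot%\System32\imapi.dll',
    '%SystemRoot%\System32\imapi2fs.dll'
)

function Test-BurnBlock {
    param([string[]]$Path)

    # PROCESSOR_ARCHITEW6432 is only set inside a 32-bit process on 64-bit Windows,
    # where System32 is silently redirected to SysWOW64.
    if ($env:PROCESSOR_ARCHITEW6432) {
        Write-Warning '32-bit PowerShell on 64-bit Windows: System32 results really describe SysWOW64.'
    }

    foreach ($p in $Path) {
        $full = [Environment]::ExpandEnvironmentVariables($p)
        try {
            $fs = [System.IO.File]::OpenRead($full)   # a "Read Attempt" in policy terms
            $fs.Close()
            $status = 'READABLE (read-block rule not in effect)'
        } catch {
            $e = $_.Exception.GetBaseException()
            if ($e -is [System.IO.FileNotFoundException] -or
                $e -is [System.IO.DirectoryNotFoundException]) {
                $status = 'not present on this system'
            } else {
                $status = 'read denied: ' + $e.GetType().Name
            }
        }
        New-Object PSObject -Property @{ Target = $full; Status = $status }
    }

    # IMAPIv2 is consumed through COM; a failed activation is consistent with the DLL block.
    try {
        $null = New-Object -ComObject 'IMAPI2.MsftDiscMaster2' -ErrorAction Stop
        $status = 'CREATED (burning API still available)'
    } catch {
        $status = 'activation failed: ' + $_.Exception.GetBaseException().GetType().Name
    }
    New-Object PSObject -Property @{ Target = 'COM IMAPI2.MsftDiscMaster2'; Status = $status }
}

Test-BurnBlock -Path $ImapiDlls | Format-Table Target, Status -AutoSize
```

Any row reported as READABLE or CREATED means the policy has not reached the client or the path does not match; on 32-bit Windows 7 the SysWOW64 entries are expected to show as not present.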

Attachments

Block CD-DVD burning on Windows 7.dat