This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automatic Scan of removable media

Hi,

Is there a way of automatically scanning removable media when attached to a PC? We had an outbreak of conficker a few months back (don't want to go through that again!) and are still getting the odd memory stick attached by teachers that has conficker on. I'd be a lot happier if all memory sticks/USB hard drives were fully scanned each time they were attached!

I am also trying to educate staff to ensure their home PCs are fully protected!

edit - useful info.. We're running Enterprise console 4 and Endpoint security 9

Thanks,

Joe

:691


This thread was automatically locked due to age.
Parents
  • I noticed it hasn't been mentioned here, so I wish to add to this (already closed) post - in relation to Conficker, to prevent autoloading of USB media - disable Autoplay on your network.

    This suggestion has been posted for most of the past year, in this article on removing Conficker:

    http://www.sophos.com/support/knowledgebase/article/51169.html

    Go to section 3, step 2, in the "What to do" part of the page:

    Disable USB Autoplay. This must be done correctly as described in the Microsoft knowledgebasehttp://support.microsoft.com/kb/953252. If this is not done correctly the worm may be able to execute if the USB drive is opened in Explorer or double-clicked from My Computer.

    Generally speaking, opening the drive in Explorer will cause Sophos' On-access scanner to kick in, and the infected file should be found. If policy for Conficker has been set as per above doc, this will alert admins to the infected machine via the Console, and they can kick off a remote scan of the system to confirm no other Conficker files are present.

    Rds,

    Stephen

    :965
Reply
  • I noticed it hasn't been mentioned here, so I wish to add to this (already closed) post - in relation to Conficker, to prevent autoloading of USB media - disable Autoplay on your network.

    This suggestion has been posted for most of the past year, in this article on removing Conficker:

    http://www.sophos.com/support/knowledgebase/article/51169.html

    Go to section 3, step 2, in the "What to do" part of the page:

    Disable USB Autoplay. This must be done correctly as described in the Microsoft knowledgebasehttp://support.microsoft.com/kb/953252. If this is not done correctly the worm may be able to execute if the USB drive is opened in Explorer or double-clicked from My Computer.

    Generally speaking, opening the drive in Explorer will cause Sophos' On-access scanner to kick in, and the infected file should be found. If policy for Conficker has been set as per above doc, this will alert admins to the infected machine via the Console, and they can kick off a remote scan of the system to confirm no other Conficker files are present.

    Rds,

    Stephen

    :965
Children
No Data