
Device Control - Locking down USB devices

Afternoon,

Apologies for the silly question. I'm pretty sure I know the answer but want to get it checked on here. I'm in the process of locking down USB devices (memory sticks) for a customer. Will blocking read/write access stop the spread of a virus from a USB device to the PC it's connected to?

Thanks

Ben



  • Hello Ben,

    First of all, if it's a known (specifically or generically) threat it will be blocked by On-Access scanning. Then, a virus can't spread by itself - someone must execute something first. Nowadays Autorun is normally disabled but Windows might ask for permission to perform a (potentially dangerous) action - again On-Access should block known threats. Leaves unknown ones and controller/firmware-based malware. The latter might (I say might) find a hole as the device has to interact with the OS before it is known and can subsequently be assessed and blocked. Only physically disabling or removing all external ports would provide total protection - with a general workstation this is unfeasible.

    So yes, it's increased protection but not absolute.

    Christian

  • Thanks for the quick reply Christian. That clears things up. Final question... I presume on-access scanning just scans the OS, or will it scan the USB device once it's connected to the PC? (Sorry, I'm relatively new to Sophos.)

  • Hello Ben,

    By default On-Access checks local files as well as remote ones (unless you've deliberately excluded certain drive-letters, paths, or generally remote files). A removable disk is normally local. There's BTW no option to restrict a scan to the boot-device.

    Christian
