Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Approved USB device is triggering a block after entering the Bitlocker password

Approved USB device is triggering a block after entering the Bitlocker password

Version

7.2.x.

 

Issue

Approved USB device is triggering a block after entering the Bitlocker password, but the device is accessible for write after acknowledging the Bit9 notifier.

 

Symptoms

Removable device setting on the policy has Active to block Write action on Unapproved Removable Devices. Ntoskrnl.exe gets a block when using Bitlocker on an approved USB device.

 

Solution

Create a custom rule

Rule type: Advanced

Operation: Write

Write Action: Allow

Path: \device\harddiskvolume*

Process ntoskrnl.exe

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-16-2015
Views:
1015
Contributors