logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Approved USB device is triggering a block after entering the Bitlocker password

Approved USB device is triggering a block after entering the Bitlocker password

Version

7.2.x.

 

Issue

Approved USB device is triggering a block after entering the Bitlocker password, but the device is accessible for write after acknowledging the Bit9 notifier.

 

Symptoms

Removable device setting on the policy has Active to block Write action on Unapproved Removable Devices. Ntoskrnl.exe gets a block when using Bitlocker on an approved USB device.

 

Solution

Create a custom rule

Rule type: Advanced

Operation: Write

Write Action: Allow

Path: \device\harddiskvolume*

Process ntoskrnl.exe

Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
anadrowski
Creation Date:
‎01-16-2015
Views:
1186
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.