Environment
- App Control Console: All Supported Versions
- App Control Agent: All Supported Versions
Objective
To block reads on Unapproved USB Devices
Resolution
A Custom Rule that uses the Advanced Rule Options will need to be created.
Enable Advanced Rule Options:
- Log in to the Console and navigate to https://ServerAddress/support.php > Advanced Configuration.
- Software Rules > Advanced Rule Options > check: Showing advanced rule options > Update.
Create the Custom Rule:
- Navigate to Rules > Software Rules > Custom > Add Custom Rule.
- Use the following details:
- Status: Disabled
- Rule Type: Expert
- Operations: Open, Open Execute Intent, Read, Mmap Read
- Actions: Block
- Path or File: Any
- Process: Any
- User or Group: Any (Can be a specific user if desired)
- Policies: Selected policies > relevant Test Policy (Recommended to test first)
| ***DO NOT enable the rule yet, or all reads in the environment will be blocked*** |
- Save & Exit the Disabled Custom Rule.
- Edit the Custom Rule.
- Scroll down to the "Advanced" section of the Custom Rule. This only appears after the feature is enabled and the Custom Rule is saved.
- Change File Device Type to: Unapproved Removable.
- Enable & Save the Custom Rule.
Additional Notes
- Files can still be seen, but not opened
- Files can still be copied at the command prompt to a local drive
- Files can be displayed with the DOS Type command
- Creating an additional rule just above this one in the rule stack with a Read Allow permission will allow tuning this for specific environmental needs
