Allow CD/DVD drives, but block USB drives

Discussion in 'Other ESET Home Products' started by tanstaafl, Mar 29, 2010.

Thread Status:
Not open for further replies.
  1. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Hello,

    I want to block USB drives, but allow Read-Only access to IDE CD/DVD drives.

    For some people the CD drive is D:, for others it is either E: or F:...

    On my computer, where I access the RAC, they are T: and U:...

    How can I allow the CD/DVD drives, while still blocking USB thumb drives?
     
  2. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    I think you can handle that with the "Exceptions" under the Block Media option and select only the ports/drives to be scanned.

    eset_01.jpg
     
  3. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    I know about that, but as I said -

    I am trying to do this via a policy, and the RAC GUI only allows you to add drive exceptions that *exist* *on* *my* PC*. The problem is, the CD drives on *my* computer are T: and U:, but the drives on everyone else's will be either D: or E:...

    HELP!!!
     
  4. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Ah, sorry about that. It wasn't clearly stated that is what you were trying to do.

    Can you go to one of the Clients that has the D: and E:. Setup the exceptions and export the config file. You should then be able to import the config file into the Policy Editor in ERAC and it will have the exceptions from the Client machine.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    USB drives are unequivocally identified by their names in the device manager, the drive letter doesn't matter. An example of such an xml:
    <NODE NAME="@My profile" TYPE="SUBNODE">
    <NODE NAME="ExceptionDevicesList" TYPE="SUBNODE">
    <NODE NAME="27" NAMEVIEW="Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A" CHECKED="1" TYPE="SUBNODE">
    <NODE NAME="28" NAMEVIEW="Root Hub" CHECKED="1" TYPE="SUBNODE">
    <NODE NAME="29" NAMEVIEW="[Port1] " CHECKED="0" />
    <NODE NAME="30" NAMEVIEW="[Port2] " CHECKED="0" />
    <NODE NAME="31" NAMEVIEW="[Port3] " CHECKED="0" />
    <NODE NAME="32" NAMEVIEW="[Port4] " CHECKED="0" />
    <NODE NAME="33" NAMEVIEW="[Port5] " CHECKED="1" />
    <NODE NAME="34" NAMEVIEW="[Port6] " CHECKED="1" />
    </NODE>
    </NODE>
    </NODE>
     
  6. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Hi Marcos,

    Ummm... ok, thanks for the reply, but I'm at a loss as to how I could use that to accomplish what I'm trying to do.

    Could you elaborate on how I might actually implement such a policy, that would block all USB drives, but still allow CD/DVD ROM drive access?

    Thanks,

    Charles
     
    Last edited: Mar 30, 2010
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume that the CDROM is not connected via USB so this feature has absolutely no effect on it. If the same hardware is used on all computers, you can download the configuration from one machine, mark all ports on all usb controllers in the cfg editor and push the configuration back to all clients.
     
  8. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Ok, but I don't understand *where* I'm supposed to put those.

    I can block ALL removable media, and add *exceptions*, but this would be the *opposite* of that...
     
Thread Status:
Not open for further replies.