Device Control pops up box even though user has Read/Write

Discussion in 'ESET Server & Remote Administrator' started by snotechs, Jan 5, 2013.

Thread Status:
Not open for further replies.
  1. snotechs

    snotechs Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    6
    Location:
    United States
    I have a Device Control policy applied to enable Read-Only access to USB, Firewire and Optical devices for all computers with ESET installed. I then allow full Read/Write via AD Group for the IT department. However upon inserting a USB thumb drive ESET informs that "Writing not allowed for USB Storage" even though the logged on user has Read/Write Permission. Looking at Device Control Logs it appears that NTAUTHORITY\Local Service and NTAUTHORITY\Network Service are being denied write access and causing the prompt. Is there a better way to create an exception for IT that won't cause the prompt? Also I feel like having system level services not able to write could potentially cause issues down the road.
     
  2. P_R_

    P_R_ Eset Staff Account

    Joined:
    Jul 25, 2012
    Posts:
    62
    Location:
    Slovakia
    Hello snotechs,

    the control is accomplished by rules that are sorted in the order determining their priority, with higher priority rules on top.

    So probably you have the rules in wrong order, you could just reorder them.
     
  3. snotechs

    snotechs Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    6
    Location:
    United States
    Reordering the rules from how they are currently configured breaks my exception completely. They are currently ordered with the exception first (top of the list) and the rules blocking Write access below the exceptions. The prompt has gone away after tweaking some GUI settings but my Device Control logs still show NTAUTHORITY users as being blocked. So far it has only caused issues with SCCM image creation so we uninstalled ESET from that machine.
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,031
    Location:
    California
    Hello,

    I would suggest contacting ESET technical support directly toll-free at +1 (866) 343-3738 to arrange to go over the ruleset with an engineer.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.