How do you try and prevent viruses from USB stick in your business?

Spooter

Spooter

Spooter

Associate
Joined
1 Aug 2007
Posts
1,065
How do you try and prevent viruses from USB stick in your business?

Do you block USB's from been used?

Have a off the network system for scanning drives?

Obviously antivirus on your PC's help but when you manage thousands its always possible it may have stopped working/not updated or been removed by a power user.
 
AV on the PC's blocked by Devicewall except for specific users.

Have a policy of bring them to IT if you want something off them and we will scan then copy the document to the user and job done.



M.
 
We just use the registry key method, pushed by custom GPO.

Essentially it just disables usbstor.sys (the USB storage driver).
 
Last edited:
The uni I'm at doesn't. I used a machine that other students had used their USB drives on and because it wasn't connected to the university network (it was just on a piece of analytical equipment in a lab), there was no A/V installed. The machine needed a format as it was destroyed almost by just a handful of student's usb drives. Worse thing was I put mine in there too and it got infected. That sounded quite dodgy...

Moral is, make sure there's a damn good A/V on or just don't allow them if it's a critical network.
 
Company I used to work at just instructed us to cut the cables that run to the front USB panel... users can never be bothered to go round the back... Worked pretty well :D
 
Solaris said:
Company I used to work at just instructed us to cut the cables that run to the front USB panel... users can never be bothered to go round the back... Worked pretty well :D
Click to expand...

Thats a pretty stupid idea when you can just disable USB mass storage.

We dont restrict ours but people dont use USB sticks very much, most stuff comes in through email and is distrobuted via file shares on the server or back out over email.

As we grow it might be appropriate to disable USB mass storage but for now I think we will be ok.
 
paradigm said:
Exactly. Our email gets scanned at least twice on the way in.
Click to expand...

Yeah we have a gateway scanner, scanner on the mail server and client AV, trouble is a lot of emails come in encrypted and dont get decrypted until they reach the client machine so AV is a bit of a headache sometimes.
 
HypnoToad said:
is having USB stick access anymore risky than allowing e-mail attchments?
Click to expand...

Many virus's like to hide them selves in the usb sticks autorun.
Soon as some poor fool plugs it in, BLAAM.
Conficker is a particularly nasty one for doing this and will spread pretty rapidly.
I've seen rooms of 50+ machines ALL be infected by this little bugger within seconds of the innitial machine being infected.
 
Standard accounts are unable to launch code unless it's in program files, windows dir, or a previously authorised location which then is restricted to the hash of the program being run.

Removable media of any type is not one of those authorised locations.

That's along with things like av etc, plus we use Lumension to control/restrict what accounts can do but that's more for data leakage rather than viri.
 
DustyMiller said:
As long as your Av is configured correctly to scan on all reads, then your USB ports should be protected.
Click to expand...

That's like cracking an egg with a sledge hammer. Setting AV to monitor on every read is a extreme measure and a major resource strain on local/remote machines and not something you should be doing.

If you control what comes in and out the network there's little reason to have such intensive scanning.
 
You must log in or register to reply here.
Back
Top Bottom