And the stupid thing always uses at least 500mb of RAM on my PC once it’s been up for a couple of hours. Computer Configuration -> Policies -> Administrative. At the end of the day, a determined malicious actor could bypass it, more than likely, and it seems that the sorts of files it is designed to protect would be targeted files for corporate espionage. The settings for blocking external storage devices are available in both the User and Computer sections of the GPO: User Configuration -> Policies -> Administrative Templates -> System -> Removable Storage Access. And that’s before we consider the possibility of simply encrypting the files to exfiltrate before attempting to move them off of the PC, which would bypass it entirely. Since then I’ve seen a Symantec extension pushed to Chrome/IE, but given that they used Chrome’s GPO support to do that, I bet forks are unaffected. I know for a while web browsers were NOT supported (or maybe my company didn’t have it deployed) because I had to send a vendor web security scans for a piece of software so they could remediate, blocked via email (fair enough, I suppose), worked in their support portal. If you use a non-supported app, it seems to completely bypass it. I am fairly confident it only looks at email, web browser uploads in supported browsers (special thanks to them for the times I have to upload a 100mb zip file full of server logs to a vendor support page, that only takes 10 minutes or so if I can do it without the page timing out), USB transfers (I’ve never tried this, no need), and possibly SMB transfers. To do it, open the GPO management console ( gpmc.msc ), right-click on OU Workstations and create a new policy ( Create a GPO in this domain and Link it here.) Tip. My employer has it deployed to every endpoint, for the longest time didn’t check files uploaded via a web browser (they recently forced a Chrome extension that does this, but it could probably be bypassed by using a different browser). 7) Right click on Registry, and select New > Registry Item. 6) Navigate to Computer Configuration > Preferences > Windows Settings > Registry. My issue with it is that a malicious actor can probably find ways around it, at least, given my experience with Symantec DLP. 5) Right click on the newly created ' Disable USB Mass Storage ' GPO, and select Edit GPO.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |