plerobo.blogg.se - Ironkey usb

Option 1: Blacklist style with read-only support on regular USB keys (Block writing to USB except IronKey) Part II: Application and Device Control Policy If all of the IronKey devices are the same model and revision you should only see 2 File exceptions (Application Control) per drive letter and 2 Application exceptions (The hash won't change with drive letter, however duplicate hashes may be seen if the application was detected in more than one location). The number of necessary exceptions will vary if older and newer devices are used. The completed policy should look similar to the following. d:\ironkey.exe, d:\windows\ironkey.exe or e:\ironkey.exe, e:\windows\ironkey.exe) Note: There should be two exceptions per expected drive letter. Check the box next to Also exclude child processes.

Check the box next to Application Control.

Add a file exception for each likely path to the primary executable:.

Repeat steps 1-3 to work with newly detected applications.Īpplication Control Exception - Prevent process injection upon execution of :\IronKey.exe and :\windows\Ironkey.exe or their dependencies. Note: After entering an application to monitor it may take a while for new execution attempts to be reported to the SEPM.

Enter the following application to monitor: ironkey.exe.

Add an application to monitor: Add > Windows Exceptions > Application to monitor.

Skip step 4 and 5 if all recorded instances of Ironkey.exe are set to ignore.

Proceed to Application Control Exception. If there are no instances, please proceed to step 4.

Select any instances of Ironkey.exe and set the action to Ignore, then click OK.

Review detected applications in Policies > Exceptions > Edit, then Exceptions > Add > Windows Exceptions > Application.

Application Exception - Prevent SONAR interaction and/or process injection upon execution of :\IronKey.exe and :\windows\Ironkey.exe or their dependencies.