All geek questions in one place

Approve USB device after insertion

On Windows, is there a way to programmatically approve a USB device after insertion, if it has a certain type (say, a removable disk), allows it to be used, otherwise not? Also, do not allow drivers to run, allow the device to be used only in an approved way?

those. We want to allow the insertion of USB drives, but we donโ€™t have to worry about the installed virus.

EDIT Sorry, I was not very versed in publishing this question. Yes, this is Windows, but I'm not worried about autorun programs, which, of course, are disabled. Users will not be able to access executable files, only data will be read from disk. They will not have access to any user interface, except what we allow (this is a kiosk). I am worried about working with drivers and installing software (ala U3 and other USB software that installs when a USB drive is inserted). In the wild, there are many viruses that you can run by simply inserting a USB drive into the system. We have limited Group Policy actions to the level that we can, but I canโ€™t find a way to prevent the installation of drivers without creating a basic whitelist of USB drives that come pre-loaded and nothing else will work (i.e. Don't allow installation drivers).

+4
source share
4 answers

If this is your own kiosk app, make sure your kiosk has the letters AZ. To access the USB drive, you need the path to the form \ ?? \ Volume {GUID} \ Filename. But by storing this from a regular file system, you can be safe from most attacks.

You are never completely safe. As Raymond Chen noted, this doesnโ€™t help much if you reject the forks. Damage (physical) has already been completed.

+2
source

(Since you are worried about viruses, I assume we are talking about Windows.)

It makes no sense to limit such a user. Verify that the user does not have administrator privileges. And install a modern antivirus.

Justification. If you are not going to allow even reading files, then using a USB drive will be useless anyway. Thus, you are going to allow reading files from a USB drive. But then someone could already install the virus by copying it to the local hard drive and running it from there.

+5
source

Also, on Windows, disable auto play / autoplay on USB drives.

With Group Policy: http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/

TweakUI also has options: http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx

+2
source

No. You can restrict access to removable media using the GPO, but you cannot specify which files are allowed on removable media or if they can run or not.

EDIT: upvoting thomas. better answer than mine.

+1
source

Source: https://habr.com/ru/post/1276843/

More articles:


All Articles