Overview of this hotfix release
enables the OSCE client to control access to external devices. e.g to disable the autorun feature for USB device
note:
- you will not be able to run the hotfix, if it detects your OSCE build doesn't meet the requirement
- supported only on 32bit platforms
- please perform the post installation configuration.
- the device access control feature (DAC) applies to all clients.
- OSCE client will not report unauthorized access logs to the OSCE server. However, user can look for the logs locally in the client machine located at ../Trend Micro/BM/Log
where to get the hotfix?
you may request it from Trend Support.
suggestion for post installation configuration (modify and add to ofcscan.ini). This parameter will just enable the disabling autorun for USB devices.
########################start####################################
[Global Setting]
EnableAEGIS=1
CheckMountPointInterval=300
[AEGIS_DACPolicy]
#PolicyId0=D001 - Device Access Control On Plug in devices (USB)
#PolicyId0=D002 - Device Access Control On CD/DVD
#PolicyId0=D003 - Device Access Control On FLOPPY
#PolicyId0=D004 - Device Access Control On Network Resource
#PolicyId0=D005 - Block AutoRun function on USB devices
# v=0 (disable), 1 (enable)
# w=0 (no pop up), 1 (allow pop up)
# x=0 (pass), 2 (deny access), 4 (Read Only), 5 (Read & Write only), 6 (Read & Execute only)
# y=0 (pass), 2 (deny access)
# z=0 (disable), 1 (enable)
Count=5
Enable=1
PopAlert=0
PolicyId0=D001
Action0=5
Enable0=0
PolicyId1=D002
Action1=0
Enable1=0
PolicyId2=D003
Action2=0
Enable2=0
PolicyId3=D004
Action3=0
Enable3=0
PolicyId4=D005
Action4=2
Enable4=1
########################end####################################
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment