  1. #1


    Total ban on removable media

    Hi Gang,

    For weeks now we have been chasing around a pesky virus (artemis) and are considering a ban on all USB sticks/removable drives. As we are an RM school we would like to recommend some off site storage for the girls/teachers to use. Would love to hear if other schools have followed through with this?

    Also did you open up all machines and physically remove connection from mainboard, or use BIOS configuration?

    How did the teachers and pupils react to the decision of banning them?

    Feedback much welcome!


    Regards,

    Andy Turpie

  2. #2

    glennda's Avatar
    How is it being spread? If it is the autorun.ini, then can you not just disable autorun.ini by GPO? That's all we did at my place, and although the virus is still there, it's just not run.

    Toby

  3. #3

    Quote Originally Posted by tobyglenn View Post
    How is it being spread? If it is the autorun.ini, then can you not just disable autorun.ini by GPO? That's all we did at my place, and although the virus is still there, it's just not run.

    Toby
    Good, but that seems pointless. Why do people need access to memory sticks? They all, I assume, have access to a school email account and can attach and send files via that.

    We have just blocked all drives so that even when it's plugged in it won't recognize it as a mass storage device.

  4. #4

    Hi Toby,

    Our school has over 500 desktops and 115 teacher laptops. The virus is caught by our McAfee, but leaves a mess of the registry with startup looking for two dsjkhfkjsdhf.exe program entries (example there). This upsets the teachers on classroom PCs as they have to click okay twice after they log on to get rid of the message. We are chasing this around a large site and would prefer to kick off a full rebuild of all PCs and ban USB usage and start afresh.

  5. #5

    Dan,

    Good point - They have access to Easymail with attachment facilities. How did you block the ports, as we would need two live for keyboard and mouse?

    Andy

  6. #6
    Devontechie's Avatar
    What about students that don't have Internet access at home?

    Quote Originally Posted by andyturpie View Post
    Dan,

    Good point - They have access to Easymail with attachment facilities. How did you block the ports, as we would need two live for keyboard and mouse?

    Andy

  7. #7

    glennda's Avatar
    Quote Originally Posted by andyturpie View Post
    Hi Toby,

    Our school has over 500 desktops and 115 teacher laptops. The virus is caught by our McAfee, but leaves a mess of the registry with startup looking for two dsjkhfkjsdhf.exe program entries (example there). This upsets the teachers on classroom PCs as they have to click okay twice after they log on to get rid of the message. We are chasing this around a large site and would prefer to kick off a full rebuild of all PCs and ban USB usage and start afresh.
    Hiya,

    I understand where you are coming from. Our virus did not work like that, so I understand where you were coming from. At the time when we had ours, Sophos didn't even know of the virus; we had to send them samples of the files for them to fix. But all the virus did was spread itself via USBs, and there was a DLL on the machine that just infected the drive if it could write to it. The email thing is one way around it. But the school I was at at the time had lots of darling students that tended to pull the network leads out, and when reconnected the network drives did not reconnect until log off and the student could not save their work anywhere as they had a mandatory profile, so we had to pop around with a USB stick and save it to that for them, then reboot the machine and log in, save work to network!

    Good point - They have access to Easymail with attachment facilities. How did you block the ports, as we would need two live for keyboard and mouse?
    Block the drives rather than the ports, e.g. block E:, F: etc., but leave the ones you use for mapping drives to.

    Toby

  8. #8
    enjay's Avatar
    Quote Originally Posted by stevehill06 View Post
    What about students that don't have Internet access at home?
    They could work at school, just like the students who don't have a computer at home.

    Also worth finding out if you actually have any without PC/internet access before worrying about that - from a recent survey, we know we have 100% broadband penetration (but we are a fee-paying urban school, so it may be different for you).

  9. #9
    camel's Avatar
    I've been experimenting with a program called USBDLM for some time now to resolve a problem with our USB drives using network drive letters, rendering the USB drive unusable. It worked perfectly, but could even be configured to scan for viruses before the drive is made accessible to the user. Not tried this functionality yet (in testing). It can bypass Windows autorun which would help with limiting the damage caused by a network aware virus on a USB stick. Plus it has a wide feature set for limiting specific devices (works with digital cameras, card readers, external HDDs and more - check the site), renaming and encryption.

    I also use software restrictions to limit where executables run from, limiting exes to run from known locations only (search the forums for more info)

    Depends on your site requirements and policies for data usage and security but as USBs are cheap, versatile and just work (mostly), it makes them ideal for moving and using data anywhere, unfortunately.

  10. #10
    Slewis's Avatar

    We had a similar viral outbreak here a couple of years ago.

    We had problems rolling out Sophos, and when it was present it would detect the virus and prevent it running, but couldn't remove it.

    My solution was writing a VBS to notify me of infections. (The virus in question always generated a specific file in addition to random ones (C:\Windows\inf\svchost.exe).)

    From there it was just a matter of cleaning it up (used a program called Replacer that was intended for replacing system files, then terminated the process) and inoculating repeat infections (by disabling autorun and setting deny permissions on the local executables).
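
An added example, not part of the original post and written in PowerShell rather than the poster's VBS: a per-machine check for the indicator file named above, plus the leftover startup entries described earlier in the thread (Run-key values whose executable no longer exists). The function names and the choice of Run keys are assumptions of this example.

```powershell
# Added example (not the poster's VBS). The indicator path is the one quoted in
# the post; function names and the HKLM/HKCU Run-key choice are assumptions.
$IndicatorFile = 'C:\Windows\inf\svchost.exe'
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    # Pull the executable path out of a Run-key command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                          # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] } # unquoted, may hold spaces
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    param([string]$Target)
    if (Test-Path -LiteralPath $Target -PathType Leaf) { return $true }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-OrphanedRunEntry {
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($value)) { continue }
            $target = Get-CommandTarget $value
            if (-not (Test-TargetExists $target)) {
                [pscustomobject]@{ Computer = $env:COMPUTERNAME; Key = $keyPath
                                   Name = $name; Target = $target }
            }
        }
    }
}

if (Test-Path -LiteralPath $IndicatorFile -PathType Leaf) {
    Write-Warning "Indicator file present on $env:COMPUTERNAME ($IndicatorFile)"
}
Get-OrphanedRunEntry | Format-Table -AutoSize
```

The HKCU key only covers the account running the script, so running it at logon reports each user's own startup entries.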

  11. #11
    TYO
    We have blocked all USB media for years 9 to 11 as they seemed the only users causing problems. We have Ranger administrator and it was very straightforward to set up a block. As long as you have a good VLE/email system it shouldn't be a problem. We also have SharePoint access to students' home directories. The only issue is students who do not have internet at home.

  12. #12

    FN-GM's Avatar
    We use GFI endpoint security. It's not cheap but does the job well

  13. #13

    Hi,

    You can disable all USB storage devices by pushing out a registry merge in your workstation custom settings in the RM Console. The value that you need to change is:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
    In the details pane, double-click Start.
    In the Value data box, type 4, click Hexadecimal (if it is not already selected), and you are done.

    We have a temporary ban on USB storage here for the same reasons!

    Hope that helps.

  14. Thanks to Stuarte from:

    andyturpie (7th December 2009)
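
An added example, not part of the original posts: a PowerShell check that the UsbStor `Start` value from post #13 has actually landed on a workstation, alongside the autorun policy mentioned in posts #2 and #10, with an optional function that applies the same setting. The `NoDriveTypeAutoRun` check and all function names are assumptions of this example.

```powershell
# Added example. The key path and Start=4 come from the post above; the
# NoDriveTypeAutoRun check and all function names are assumptions.
$UsbStorKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'
$ExplorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$StartNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-RegValue {
    # Returns $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -Path $Path)) { return $null }
    return (Get-Item -Path $Path).GetValue($Name, $null)
}

function Get-RemovableMediaPolicy {
    $start   = Get-RegValue $UsbStorKey 'Start'
    $autorun = Get-RegValue $ExplorerKey 'NoDriveTypeAutoRun'
    $state   = if ($null -eq $start) { 'Not set' } else { $StartNames[[int]$start] }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        UsbStorStart    = $start
        UsbStorState    = $state
        UsbStorBlocked  = ($start -eq 4)
        # 0xFF turns autorun off for every drive type.
        AutoRunDisabled = ($autorun -is [int] -and ($autorun -band 0xFF) -eq 0xFF)
    }
}

function Disable-UsbStorage {
    # Needs an elevated session. USB keyboards and mice use HID drivers,
    # not USBSTOR, so they keep working.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set Start to 4 (Disabled)')) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
    }
}

Get-RemovableMediaPolicy | Format-List
Disable-UsbStorage -WhatIf   # preview only; remove -WhatIf to apply
```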

  15. #14


    Cheers

    Thanks Stuart, that's the route we might go down - nice one!!!!!!!!!

    Andy T

  16. #15
    contink's Avatar
    Quote Originally Posted by camel View Post
    I've been experimenting with a program called USBDLM for some time now to resolve a problem with our USB drives using network drive letters, rendering the USB drive unusable. It worked perfectly, but could even be configured to scan for viruses before the drive is made accessible to the user. Not tried this functionality yet (in testing). It can bypass Windows autorun which would help with limiting the damage caused by a network aware virus on a USB stick. Plus it has a wide feature set for limiting specific devices (works with digital cameras, card readers, external HDDs and more - check the site), renaming and encryption.
    Could you keep me/us posted on how you get on with this as this sounds like a useful solution to a few issues that have plagued me in one or two schools.

    If nothing else, getting the AV to scan the drive and kill off any autorun chicanery BEFORE anything goes in the system that would be a real plus.
