amfony

file manipulation (for user usb logging .. read on)

3 posts in this topic

Hello,

I am a relative newbie; I had some success with autoIT3 and automating some mail setups for my users' roaming profiles.

I am now back to use the unrelenting power of autoIT to do this ...

I have users who can, via our policy, use USB devices to bring work in and out. AV is a real-time on-access scan so everything is sweet; however, what I would like to stop is the introduction of EXE and ANY executable (including .au3, .vbs, .cmd, .js, .pl) into users' home folders and local drives.

So the autoIT script I would like to create (I'm not asking to have stuff made for me, I want to learn) would need to read file extensions and prohibit those files on my system (i.e. any drive other than the drive it is coming from). If prohibiting is not possible, then a log of what USB drive had what exe on it.

Sorry if too vague, let me know

#2 ·  Posted (edited)

Hi,

That won't get you much further. If you have such a script, it prevents the user from copying it. Okay, so far so good. But your script has to be run all the time, checking for changes. And what about renaming virus.exe to virus.123 and then, after the script has accepted it, renaming it to virus.exe?

Many possibilities to ...

I'm not willing to post bad comments, but I think it is better to make yourself absolutely clear about what you want to achieve in the end.

So long,

Mega

Edited by th.meger

@amfony,

Surely with AutoIt nothing could be impossible. But you have to see the effort. What about renamed files? You have to read and analyze every file header. Users (and admins?) shouldn't be able to close your program. Your program should optimally run as a service, etc.

I think if your security desires such a solution, it's better to buy commercial software like DeviceWatch or DeviceLock® or other tools Google finds for you.

In my company we're using DeviceWatch and CDWatch from IT Watch and both are absolutely functioning fine.
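
The header check this reply calls for, combined with the logging fallback from the first post, as an added AutoIt example (not code from any poster in this thread). The log path and the function names `_ClassifyFile` and `_ScanDrive` are assumptions made for illustration.

```autoit
#include <File.au3>          ; _FileListToArrayRec
#include <FileConstants.au3> ; $FO_*, $FLTAR_* constants

; Assumed log location (hypothetical); use a path users cannot modify.
Global Const $sLogFile = @ScriptDir & "\usb_exec.log"
; Extensions named in the first post, matched case-insensitively.
Global Const $sBlockedExt = "(?i)\.(exe|au3|vbs|cmd|js|pl)$"

; Returns "header" if the file starts with the DOS/PE magic "MZ" whatever its name,
; "extension" if only the name matches the list, and "" otherwise.
Func _ClassifyFile($sPath)
    Local $hFile = FileOpen($sPath, $FO_READ + $FO_BINARY)
    If $hFile <> -1 Then
        Local $bMagic = FileRead($hFile, 2)
        FileClose($hFile)
        ; == is case-sensitive; = would also accept "mz"
        If BinaryToString($bMagic) == "MZ" Then Return "header"
    EndIf
    If StringRegExp($sPath, $sBlockedExt) Then Return "extension"
    Return ""
EndFunc

; Walks one drive (e.g. "E:") and appends one log line per hit. Returns the hit count.
Func _ScanDrive($sDrive)
    Local $sRoot = $sDrive & "\"
    Local $aFiles = _FileListToArrayRec($sRoot, "*", $FLTAR_FILES, $FLTAR_RECUR, $FLTAR_NOSORT, $FLTAR_FULLPATH)
    If @error Then Return 0 ; empty or unreadable drive
    Local $iHits = 0, $sWhy, $sStamp
    For $i = 1 To $aFiles[0]
        $sWhy = _ClassifyFile($aFiles[$i])
        If $sWhy = "" Then ContinueLoop
        $sStamp = @YEAR & "-" & @MON & "-" & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC
        FileWriteLine($sLogFile, $sStamp & " | " & @UserName & " | " & $sWhy & _
                " | label=" & DriveGetLabel($sRoot) & " | serial=" & DriveGetSerial($sRoot) & _
                " | " & $aFiles[$i])
        $iHits += 1
    Next
    Return $iHits
EndFunc

; Scan every removable drive attached when the script runs.
Global $aDrives = DriveGetDrive("REMOVABLE")
If Not @error Then
    For $i = 1 To $aDrives[0]
        _ScanDrive(StringUpper($aDrives[$i]))
    Next
EndIf
```

The header test catches a renamed `virus.123` only when it is a compiled binary; script types such as .vbs or .au3 are plain text with no magic bytes, so for them the extension match is all this check has.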