file manipulation (for user usb logging .. read on)

[amfony]

Hello,

i am a relative newbie, i had some success with autoIT3 and automating some mail setups for my users romainf profiles.

I am now back to use the unrelenting power of autoIT to do this ...

I have users who can via our policy use usb devices to bring in and out work. AV is realtime on access scan so everything is sweet, however what i would like to stop is the introduction of EXE and ANY executable (including .au3, ,vbs, cmd, js, .pl) into users home folders and local drives.

So the autoITscript i would like to create (im not asking to have stuff made for me i want to learn) would need to read for file extensions and prohibit thoes files on my system (IE any drive other then the drive it is coming from). If prohibiting is not possible, then a log of what usb drive had wat exe on it.

Sorry if too vague, let me know

[Xenobiologist]

Hi,

that won't get you much further. If you have such a script it prevents the user from coping it. OKay. So far so good. But your script has be to runned all the time checking for changes. And what about renaming the virus.exe to virus.123 and then after the script accepted it rename it to virus.exe?

Many possibilities to ...

I'm not willing to post bad comments, but I think it is better to make youself absoultely clear, of what you want to achieve in the end.

So long,

Mega

Edited July 19, 2006 by th.meger

[Briegel]

@amfony,

surely with AutoIt nothing could be impossible. But you have to see the effort. What about renamed files? You have to read and analyze every fileheader. Users (and admins?) shouldn't be able to close your program. Your program should be optimal run as a service. etc.

I think if your security desires such a solution it's better to buy commercial software like DeviceWatch or DeviceLock® or other tools google find for you.

In my company we're using DeviceWatch and CDWatch from IT Watch and both are absolutely functioning fine.