| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 98584 | 2009-03-30 05:40:00 | automatic virus scan for usb drives | spidey (14230) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 760737 | 2009-03-30 05:40:00 | I have been looking on the internet for a solution to this problem - how can I protect my network from viruses spread by people plugging in usb drives that are infected? Is there a program that can be installed on a server that will automatically detect and scan a flash drive-is there a product that can be installed locally on all the pc's that will detect and scan a flash drive?? I don't want to ban the use of flashdrives as this is just not practical. Has anyone encountered the same problem, or have a solution?? cheers Spidey |
spidey (14230) | ||
| 760738 | 2009-03-30 05:48:00 | Nod32 auto scans any device or CD thats put in the machine - if its infected it will soon tell you about it . Also found the following script on Experts Exchange - its meant to run constantly in the background and look for USB devices to trigger a scan every 10 Seconds . Back on my script, save it in a file with a . vbs extension, and run it . It will run silently, constantly monitoring for the USB event . When you want to kill it, open the Task Manager, go to the processes tab, and kill wscript . exe . The Script: Try something like this: '====================== 'Disabling error messages . . . 'On Error Resume Next 'Main routine strComputer = " . " Set objWMIService = GetObject( " winmgmts:{impersonationLevel=impersonate}!\\ " & strComputer & " \root\cimv2 " ) ' Check every 10 seconds (WITHIN 10) Set colMonitoredEvents = objWMIService . ExecNotificationQuery( " SELECT * FROM __InstanceCreationEvent " & _ " WITHIN 10 WHERE Targetinstance ISA 'Win32_PNPEntity' " & _ " and TargetInstance . DeviceId like '%USBStor%' " ) Do Set objLatestEvent = colMonitoredEvents . NextEvent Notifier(objLatestEvent . TargetInstance) Loop Sub Notifier(object) strUSBDeviceDetails = object . Availability & VbCrLf & _ object . Caption & VbCrLf & _ object . ClassGuid & VbCrLf & _ object . ConfigManagerErrorCode & VbCrLf & _ object . ConfigManagerUserConfig & VbCrLf & _ object . CreationClassName & VbCrLf & _ object . Description & VbCrLf & _ object . DeviceID & VbCrLf & _ object . ErrorCleared & VbCrLf & _ object . ErrorDescription & VbCrLf & _ object . InstallDate & VbCrLf & _ object . LastErrorCode & VbCrLf & _ objectManufacturer & VbCrLf & _ object . Name & VbCrLf & _ object . PNPDeviceID & VbCrLf & _ object . PowerManagementSupported & VbCrLf & _ object . Service & VbCrLf & _ object . Status & VbCrLf & _ object . StatusInfo & VbCrLf & _ object . SystemCreationClassName & VbCrLf & _ object . SystemName 'MsgBox strUSBDeviceDetails Set objShell = CreateObject( " WScript . Shell " ) Set objFSO = CreateObject( " Scripting . FileSystemObject " ) Set colDrives = objFSO . Drives For Each objDrive in colDrives ' Check if the drive is ready, and the drive type is Removable Drive (1) If objDrive . DriveType = 1 Then If objDrive . IsReady = True Then Wscript . Echo " Drive " & objDrive . DriveLetter & " is ready . " strCommand = " notepad . exe " objShell . Run strCommand, 1, True Else Wscript . Echo " Drive " & objDrive . DriveLetter & " is not ready . " End If End If Next End Sub '==================== Edited: never tried it - I trust Nod32 - never let me down yet . |
wainuitech (129) | ||
| 760739 | 2009-03-30 06:25:00 | You might want to disable autorun on all the computers too. Most viruses spread that way. | Blam (54) | ||
| 760740 | 2009-03-30 06:42:00 | if you want pm your email address I have some vb6 source code (i wrote it )that continually monitors selected drives, (Embed in code) when trigger file is found (Autorun.inf) it displays a rather annoying repeating message as well as a couple of other things none of which are bad and yes its tested every day |
beama (111) | ||
| 760741 | 2009-03-30 07:05:00 | how can I protect my network from viruses spread by people plugging in usb drives that are infected? Is there a program that can be installed on a server that will automatically detect and scan a flash drive I don't want to ban the use of flashdrives as this is just not practical . Congratulations!! At last, someone with a network taking proper steps in security . You should be commended . And Wainuitechs solution should work just fine, my vote for NOD32 as well . |
pctek (84) | ||
| 760742 | 2009-03-31 06:50:00 | wouldn't the pc's own AV scan the files on access anyway ? saves having the server doing it. just a thought ;) | tweak'e (69) | ||
| 1 | |||||