Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Network Performance Monitor (NPM) > Allow one specific exe to run from USB and block all others

Allow one specific exe to run from USB and block all others

Table of contents

Overview

This article explains how you can allow one specific exe to run from USB and block all others.

Environment

LEM 6.2 and later

Steps

A user can make use of the ready template: Detach USB - File Executed

It is searching for any FileExecute that has the providerSID = USB (for the usb defender). A user can then add one extra line to this to look for FileExecute.ExtraneousInfo Not Equal to *executableYouWantToAllowNameHere.exe*

Example:

If Calc.exe is the exe we want to run from the USB but want to block all other exes from running:

FileExecute.ProviderSID = *USB*

AND

FileExecute.ExtraneousInfo NotEqual to *calc.exe*

This should then cause the rule to look for additional information on the file executed, if it doesn't equal executableYouWantToAllowNameHere.exe, then it will detach the USB, to stop it from running. Then if the executableYouWantToAllowNameHere.exe is running, this rule won't fire and the user can still use that one exe to run from the USB.

 

 

 

Last modified
22:39, 23 Feb 2017

Tags

Classifications

Public