Posts Tagged ‘Usb Storage Devices’
How To Detect USB Using WMI Script
Last Updated on Sunday, 19 December 2010 04:46 Written by databank Sunday, 19 December 2010 07:54
USB flash drives are very common and can be found in almost every computerized environment for storing and transferring data between computers. These USB devices make it really easy for potential attacker to exploit unprotected computers with malicious virus and Trojan software and provide a gateway to the network for manipulating sensitive data.
Detecting USB storage devices
There are some nice tools that can be found on the net that will notify about USB devices on local and remote windows platforms. But most of them are not free and will require an installation of an agent on the remote windows platforms.
WMI notification event script
The following USB notification event script will send an event message in response to any operation of USB device on local or remote windows platform. For simplicity, the script is using a temporary event subscription, which exists only as long as the script is running. Some modifications will be needed for a permanent event subscription that will not require a perpetually running script:
VBScript (should be copied and saved as .vbs file):
strComputer = “.” ‘(Any computer name or address)
Set wmi = GetObject(“winmgmts:” & strComputer & “rootcimv2″)
Set wmiEvent = wmi.ExecNotificationQuery(“select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”)
While True
Set usb = wmiEvent.NextEvent()
Select Case usb.Path_.Class
Case “__InstanceCreationEvent” WScript.Echo(“USB device found”)
Case “__InstanceDeletionEvent” WScript.Echo(“USB device removed”)
Case “__InstanceModificationEvent” WScript.Echo(“USB device modified”)
End Select
Wend
JScript (should be copied and saved as .js file):
strComputer = “.”; //(Any computer name or address)
var wmi = GetObject(“winmgmts:” + strComputer + “rootcimv2″);
var wmiEvent = wmi.ExecNotificationQuery(“select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”);
while(true) {
var usb = wmiEvent.NextEvent();
switch (usb.Path_.Class) {
case “__InstanceCreationEvent”: {WScript.Echo(“USB device found”); break;}
case “__InstanceDeletionEvent”: {WScript.Echo(“USB device removed”); break;}
case “__InstanceModificationEvent”: {WScript.Echo(“USB device modified”); break;}}}
Conclusion
Using the preinstalled Windows Management Instrumentation (WMI) on windows platforms is free and will not require any remote agent. It will only require a simple script that can be run manually from a privileged user account or from another network monitoring software like IDS IPS Network Protection and Network Access Control Monitoring network security scanners.
Tags: Amp, Attacker, Case Usb, Class Case, Computer Name, Data Storage, detect usb ruby, detect when usb, detecting usb with wmi script, Flash Drives, Isa, Jscript, Malicious Virus, Mass Storage Device, Ron Winner, Sensitive Data, Simplicity, Trojan, Unprotected Computers, Usb Devices, Usb Flash Drives, Usb Storage Devices, Windows Platform, Windows Platforms, Winmgmts, wmi.execnotificationquery("select * from __instanceoperationevent within 1 where targetinstance isa 'win32_pnpentity' and targetinstance.description='usb mass storage device' | Posted under USB Storage | No Comments
USB Storage Drives-A Commendable Concept
Last Updated on Tuesday, 9 November 2010 09:39 Written by databank Tuesday, 9 November 2010 09:39
USB Storage Drives-A Commendable Concept
usb storage
USB Storage Drives-A Commendable Concept
Free Online Articles Directory
Why Submit Articles?
Top Authors
Top Articles
FAQ
AB Answers
0 && $.browser.msie ) {
var ie_version = parseInt($.browser.version);
if(ie_version Hello Guest
Login
Register
Hello
My Home
Sign Out
Email
Password
Remember me?
Lost Password?
Home Page > Computers > Hardware > USB Storage Drives-A Commendable Concept
USB Storage Drives-A Commendable Concept
Posted: Aug 07, 2010 |Comments: 0
|
]]>
USB Storage Drives-A Commendable Concept
By: Mark Benson
About the Author
The author is an expert writer in the field of the technology and writes for leading computer ram manufacturer. Presently writing on various topics related to computer hardware and peripherals like computer RAM, USB drives, memory cards, memory modules and other computer products.
(ArticlesBase SC #2983268)
Article Source:
Tags: Article Source, Commendable, Computer Hardware And Peripherals, Computer Ram, Concept, Drive Pen, DrivesA, Electronic Devices, Expert Writer, Flash Drive, Floppy Drives, Guest Login, Hardware And Peripherals, Leading Computer, Mark Benson, Memory Cards, Memory Modules, Pen Drive, Plug And Play, Ram Usb, Safe Technology, Storage, Thumb Drive, Usb Storage Devices | Posted under USB Storage | No Comments
How-to Guide: Block USB Storage Devices on Windows XP
Last Updated on Tuesday, 2 November 2010 02:38 Written by databank Tuesday, 2 November 2010 02:38
How-to Guide: Block USB Storage Devices on Windows XP
usb storage
This guide is written to help an administrator block the access of USB storage devices in Windows XP. This is particularly useful for large offices who work in data sensitive information, like the Health Care industry.
Setting User Permissions
1. Log into an Administrator account in the desired Windows computer.
2. Open up a Windows Explorer window, and in the address field type:
%SystemRoot%\Inf
3. Locate the files Usbstor.inf and Usbstor.pnf, select both files, right-click and go to Properties.
4. Click on the Security Tab.
5. In the Group or User Names list, add the user group that you want to deny permissions to.
6. In the Permissions for that group, click the Deny box next to Full Control.
7. Now repeat step 6 for the System Account.
This will prevent any new access to a USB storage device, but if a device is already installed on the computer you will need to complete these additional steps.
These steps require that you modify the registry. This can cause serious problems if you modify incorrectly. You should begin by creating a backup of your registry. This can be restored in the event that you incorrectly modify and cause an error in Windows.
Backing Up The Registry
1. Click Start, Run, and type:
%SystemRoot%\system32\restore\rstrui.exe
2. Click OK.
3. On the Welcome to System Restore page, click Create a Restore Point and click Next.
4. On the Create a Restore Point page, type a name for the Restore Point and then click Create. -if you have restores turned off it will ask whether to turn on now, click yes, in the System Properties dialog box, clear the Turn off System Restore check box and click OK.
5. After the restore is created click close.
Changing the Registry
1. Click on Start, Run and type:
regedit
2. CLick OK.
3. Locate and click the following Registry Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
4. In the details area, double-click Start.
5. In the Value data box, type 4, click Hexadecimal (if it is not already selected).
6. Click OK.
7. Exit the Registry Editor.
Now the system should be locked from using USB storage devices. Plug in a USB drive and you will see that it will not load. You can check that it does register in the Device Manager but is not permitted to load drivers.
Verifying in Device Manager
1. Click on Start, then Right-click My Computer and choose Properties.
2. Click on the Hardware tab.
3. Click Device Manager.
4. Listed under Universal Serial Bus Controllers, there should be a device with an exclamation mark. This would be the USB drive with blocked drivers.
Restoring The Registry (ONLY use this if you have incorrectly altered the Registry)
Do not use this to reverse the above effects at a later date, as restoring to this date will undo any adjustments in windows between these dates.
1. Click Start, Run and type:
%SystemRoot%\System32\Restore\Rstrui.exe
2. Click OK.
3. On the Welcome to System Restore page, click Restore My Computer to an Earlier Time and click Next.
4. On the Select A Restore Point page, click the system checkpoint you recently created. In the On This List Select the Restore Point area, click “Guided Help (Registry Backup)” and click Next.
5. A system message may appear that list configuration changes to be made, click
Tags: Address Field, Administrator Account, Block, Click Create, devices, Guide, Health Care Industry, Hook, Howto, Inf 3, Point And Click, Registry Key, Security Tab, Step 6, Storage, System Restore, Systemroot, Type Regedit, Usb Storage Device, Usb Storage Devices, User Group, User Names, Windows, Windows Computer, Windows Explorer, Windows Xp | Posted under USB Storage | No Comments