Controlling application execution from removable devices

SES Evolution makes it possible to control the execution of applications found on USB storage media. Two methods are available depending on the use case:

  • Use case 1: I want to request confirmation from users when they attempt to run an application on a USB storage device.
  • Use case 2: I want to allow the execution of applications only from a certain type of USB key that the company provides to employees. These keys are identified by their vendor IDs and product IDs and/or trust level.

Both of these use cases can also be combined.

  1. Create an application identifier that indicates:
    • The applications for which you want to request confirmation. Type the Path*.exe for example to indicate that all applications are concerned.
    • The type of volume in question. Enable only Removable in this case.Removable device

    For more information, refer to the section Creating application identifiers.

  2. Create a process creation rule that indicates:
    • The application identifier created above,
    • That users must confirm whenever they execute applications from a removable device. Select Request as the default behavior.Example of a process creation rule

    For further information, refer to the section Controlling process creation.

Once this rule is created, the user will be able to run applications from removable devices only after confirming that the action is deliberate. The request for confirmation and the user’s response will be logged in the agent.

Create a USB storage rule that indicates:

  • The application(s) that you want to prohibit if they are found on a USB storage device. In the section on the left, type the Path*.exe for example to indicate that all applications are concerned.
  • The desired default behavior. Choose Block from the Execution drop-down list to block the execution of applications.
  • The type of keys on which applications are allowed to run. In the right side of the rule, enter the hardware information of this type of key and/or the desired trust level. Example of a USB storage device rule

For further information, refer to the section Controlling storage on USB devices.

Once this rule is created, applications will be prohibited from running on USB storage devices except for trust level 2 devices.