About a year ago, we were performing a laptop hardening and configuration review at one of our financial services clients using Symantec Endpoint Protection’s (SEP) USB Device Control as part of their Data Loss Prevention solution. One way SEP keeps data from leaving the corporate environment is by disabling any USB device plugged into employee workstations to prevent copying files and folders to and from unauthorized USB drives. During our testing we discovered that there is a short window of time available to copy files onto and off of USB devices. With some quick fingers and a very simple batch script designed to copy files to our test USB device, we won the timing race, beat SEP to the punch of disabling our device, and successfully copied up to 50 MB worth of files to it from our client laptop!

A year later, after working with the Symantec responsible disclosure team, a CVE has been issued for the vulnerability and can be found here.

To take advantage of a small window of time where our USB device is accessible, we wrote a simple batch script to copy our test files off the client device and onto the USB drive (see Figure 1).

There are two important things to note with this script:

- We must know the drive letter, E:\ in this case, of the USB device we wish to copy files to.
- You’ll notice the same copy command is repeated 11 times in this script.
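For defenders, the window described above can be checked for in endpoint telemetry by looking for file writes to a removable device between its arrival and the moment device control disables it. The following is an added example, not code from the original post or from Symantec; the pipe-delimited record layout, the event names (`DEVICE_ARRIVED`, `FILE_WRITE`, `DEVICE_BLOCKED`) and the sample records are constructed assumptions to be mapped onto whatever your EDR or audit logs actually emit.

```python
from datetime import datetime

# Constructed sample timeline (not real SEP or Windows logs).
# Assumed record layout: timestamp|event|device-id|detail
SAMPLE_LOG = r"""
2020-01-15T09:30:00.120|DEVICE_ARRIVED|USB-A1|E:
2020-01-15T09:30:00.900|FILE_WRITE|USB-A1|E:\report_q4.xlsx
2020-01-15T09:30:01.400|FILE_WRITE|USB-A1|E:\clients.csv
2020-01-15T09:30:02.050|DEVICE_BLOCKED|USB-A1|E:
2020-01-15T10:12:10.000|DEVICE_ARRIVED|USB-B7|F:
2020-01-15T10:12:11.300|DEVICE_BLOCKED|USB-B7|F:
2020-01-15T11:00:00.000|DEVICE_ARRIVED|USB-C3|E:
2020-01-15T11:00:00.700|FILE_WRITE|USB-C3|E:\notes.txt
"""

def parse(log):
    """Yield (timestamp, event, device, detail) for each non-empty record."""
    for line in log.splitlines():
        if line.strip():
            ts, event, device, detail = line.strip().split("|", 3)
            yield datetime.fromisoformat(ts), event, device, detail

def find_window_writes(log):
    """Report devices that received file writes before device control blocked them."""
    open_windows = {}  # device-id -> {"arrived": ts, "writes": [paths]}
    findings = []
    for ts, event, device, detail in parse(log):
        if event == "DEVICE_ARRIVED":
            open_windows[device] = {"arrived": ts, "writes": []}
        elif event == "FILE_WRITE" and device in open_windows:
            open_windows[device]["writes"].append(detail)
        elif event == "DEVICE_BLOCKED" and device in open_windows:
            win = open_windows.pop(device)
            if win["writes"]:  # data landed on the device inside the window
                findings.append({"device": device, "blocked": True,
                                 "window_s": (ts - win["arrived"]).total_seconds(),
                                 "writes": win["writes"]})
    # Devices that were written to and never blocked at all are worse still.
    for device, win in open_windows.items():
        if win["writes"]:
            findings.append({"device": device, "blocked": False,
                             "window_s": None, "writes": win["writes"]})
    return findings

if __name__ == "__main__":
    for finding in find_window_writes(SAMPLE_LOG):
        print(finding)
```

A device that is blocked with no writes in between (USB-B7 in the sample) produces no finding, so the output isolates the cases where the control engaged too late or not at all.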