This commit is contained in:
Justin Hall 2018-11-29 16:01:02 -08:00
parent bc31d085f9
commit 77de522789


@ -35,8 +35,8 @@ Intune can help reduce threats from removable storage such as USB devices. The f
3. Use the following settings: 3. Use the following settings:
- Name: Windows 10 Device Configuration - Name: Type a name for the profile
- Description: Block removeable storage and USB connections - Description: Type a description
- Platform: Windows 10 and later - Platform: Windows 10 and later
- Profile type: Device restrictions - Profile type: Device restrictions
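Review bot: Replacing the concrete values on the Name and Description lines with "Type a name for the profile" / "Type a description" drops the only hint of what the profile is for; consider keeping an example alongside the placeholder, e.g. "Name: Type a name for the profile (for example, Block removable storage)", so readers still see that this profile is the one that blocks removable storage and USB connections. The rewrite does also remove the "removeable" misspelling from the old Description line, which is good.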
@ -64,14 +64,14 @@ The scanning scope includes all files, including those on mounted removable devi
You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted.
However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices.
### Enable Block untrusted and unsigned processes that run from USB attack surface reduction rule ### Enable untrusted and unsigned processes that run from USB attack surface reduction rule
End-users might plug in removable devices that are infected with malware. End-users might plug in removable devices that are infected with malware.
In order to prevent infections, a company can block files from usb devices which are not signed or are untrusted. In order to prevent infections, a company can block files that are not signed or are untrusted from USB devices.
Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the USB activity of untrusted and unsigned processes that execute on a USB device. Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the activity of untrusted and unsigned processes that execute on a USB device.
This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively. This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively.
With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards.
Blocked file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files. Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files.
These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
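Review bot: The new heading "Enable untrusted and unsigned processes that run from USB attack surface reduction rule" reads as if the rule enables those processes; mark the rule name as a title, e.g. "Enable the **Untrusted and unsigned processes that run from USB** attack surface reduction rule", matching how the name is bolded in the body text below it. In the file-types sentence, the PowerShell script extension is still given as ".ps" on both sides of the diff; PowerShell scripts use ".ps1", so that should be corrected while this paragraph is being edited. The body change from "prevent" to "prevent or audit" and from "Blocked file types" to "Affected file types" correctly reflects that the rule can be set to Audit only.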