jan.nielsen Tue, 03/03/2009 - 11:03

You could create a file access control rule denying file writes to the @removable location, which will include all removable drives (usb/firewire/flash and so on), i believe there is a more specifice @cdrom location as well, which is only the optical drives in a host.

izavertaev Wed, 03/04/2009 - 00:43

Yeap, I created a rule, it works for USB, but it does not work for the block burning CD.

jan.nielsen Wed, 03/04/2009 - 04:41

Hmm, what are you using for a burner program, maybe there are differences in how this works with native windows cd burner vs. nero and others.

izavertaev Wed, 03/04/2009 - 06:22

I try use Win burning and Nero, but my policy doesn't work :(

may be the some default policy action is allow burn CD?

jan.nielsen Wed, 03/04/2009 - 06:46

I doubt it, but you try to define exactly the application you are using and only deny that, should be more specific than any rule allowing it, just to test that.

marcus6150 Wed, 03/11/2009 - 07:56

I too have not been able to make this rule work. I believe it's the way Nero writes to a CD. It does not go through the OS, but rather directly writes to the CD, therefore, CSA does not see it and cannot block this activity.

Actions

This Discussion