Currently SEP ADC policy cannot block Users from burning CD if they have access to the CD Drive. Can blcok the CD Hardware, but then the users cannot read CD's either.
Diretly from a customer who needs to be able to:
· block or unblock all known and unknown unencrypted CD (uCD) burning software
o drag and drop through windows explorer
o known software by exe
o unknown software by behavior
o we want to log all of this
· Block or unblock encrypted CD (eCD) burning software
We have blocking USB working correctly, and we can block by known .exe (uCD and eCD) but blocking uCD by behavior doesn’t work, nor does logging for any type of CD.
The concern is that people can download an unknown burning application and use it to bypass the security lockout.