SEE Device Control: some certain executable files cannot be blocked
Last Updated May 19, 2014
Even the policy is set to block Executable files, but you can still run it from a removable device.
As per design, SEE-DC Policy supports Read\Write control for different file types. That means copying specific file types is not allowed to\from computer to specific Storage device. SEE DC doesn't block “executable” functionality of any file but while executing if that executable file is making Read or Write call to itself then it gets blocked by SEE DC as per policy.
In this case, when we run the executable file, internally no call gets executed which tries to read the file itself and hence that request never comes to SEE DC’s file system filter driver resulting the file executes successfully.
Imported Document ID: TECH217550
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe