如何阻止 USB 来阻止笔式驱动器和外部硬盘驱动器
我想制作一个程序来阻止USB,这样就没有人可以访问USB端口来传输媒体。
我不想从 BIOS 阻止 USB 端口,因为我使用 USB 键盘和鼠标。
注意:我想向所有系统授予管理员权限,但只想阻止 USB。在我的办公室里,人们需要管理员权限才能访问其他注册表和 Windows 服务,因为他们是程序员。很少有像诺顿这样的防病毒软件可以选择阻止 USB,无论系统是在管理员模式还是用户模式下运行。在这个系统中,每个系统都运行客户端防病毒,而服务器防病毒则在服务器中运行。我们在服务器和所有客户端中进行设置,USB 被阻止。现在请不要说有 Norton Antivirus :) 我想知道一定有像这些 Fundu 程序员在 Norton Antivirus 中所做的那样。
现在我到目前为止为实现这一目标所做的事情。
我创建了两个Windows服务。一项服务是通过定时器不断地将USBSTOR的Start值更改为4,以使USB始终禁用。此外,第一个服务不断检查第二个服务是否正在运行。如果没有,那么他们会向我发送通知邮件,表明有人试图停止该服务。
第二个服务不断检查第一个服务是否正在运行。如果没有,那么他们会向我发送通知邮件。
我这样做是为了让人们无法停止服务来解锁 USB。
现在的问题是,人们可以禁用我的服务,而该服务将无法工作。在此阶段,服务的状态为正在运行,但实际上已禁用。因此,我只能从我的服务的注册表项(启动)中检查状态(禁用/启用/自动),该注册表项位于以下位置:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/MyServiceName
如果启动的值为 2(自动)、3(手动)、4(禁用),我们可以每 2 秒通过我们的服务检查一次(例如)起始值是否更改为 4,如果是,那么我们可以将其重置为 2。
但这里的问题是,从服务中我可以访问 USBSTOR 的值,但不能任何服务的注册表(由于安全问题)
我使用此代码以具有写入权限的方式访问 USBSTOR 注册表
Microsoft.Win32.RegistryKey key;
string user = Environment.UserDomainName + "\\" + Environment.UserName;
RegistrySecurity rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow));
key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\services\\USBSTOR", true);
key.SetAccessControl(rs);
key.SetValue("Start", "4",RegistryValueKind.DWord);
此代码工作正常。 (我将这段代码保留在计时器函数中,以便每次都使 Start 值 = 4,如果任何第三方工具试图通过注册表修复来启用 USB,则每次都会阻止 USB)
但问题是我希望在有人使用 USB 时收到通知正在禁用服务。 我无法访问
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/MyServiceName
由于 Windows 创建的安全性,
注册表。但通过Windows应用程序我们可以访问
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/MyServiceName
注册表。因此,我创建了一个应用程序,它将在每次 Windows 启动时运行,并检查是否有人禁用了我的阻止 USB 的服务。
但这里还有一个问题是,用户可以转到
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
并删除我的密钥以阻止我的应用程序运行。
现在,在讲了长篇大论之后,我的实际问题是
如何阻止 USB 以便任何人都无法访问它 [我们可以通过在硬件级别阻止它或通过对其驱动程序进行一些更改来阻止它。如果是,那么如何?]
我们可以制作一个无法禁用的 Windows 服务吗? [如果是,那么怎么样?我们可以将其设置为 CanPauseAndContinue = False、CanShutDown = False、CanStop = False。但是有什么办法可以避免Disable吗?]
我们可以阻止访问注册表(特定密钥) 【杀毒软件可以做到这一点,那么它们是如何做到的呢?有谁有这样的想法或知识吗?我想如果有人试图编辑 USBSTOR 值,那么它必须说访问被拒绝]
请邀请每一位极客、程序员、黑客回答这个问题。 通过回答这个问题,各种新手也得到了制作安全软件的想法。请尝试解决我的问题。
提前致谢。
- 拉胡尔
I want to make a program to block USB so that no one can access USB port to transfer media.
I don't want to block USB port from BIOS because I use USB Key-board and Mouse.
Note: I want to give Administrator Privilege to all the systems but want to block just USB. In my office people need admin privilege to access other registries and windows services because those are programmers. Few Antivirus like Norton have options of blocking USB whether system is running in Admin or User mode. In this every system Client Antivirus runs and Server Antivirus runs in Server. We do settings in Server and in all clients USB gets blocked. Now please dont say that have Norton Antivirus :) I want to know that there must be any way like these Fundu programers did in Norton Antivirus.
Now what I did to achieve this so far.
I created two windows service. One service is continuously changing USBSTOR's Start value to 4 by using timer, to make USB disable always. Also first service is checking continuously whether Second service is running or not. If not then they are sending notification mail to me that some one has tried to stop the service.
Second service is checking continuously whether First service is running or not. If not then they are sending notification mail to me.
I made this so that People should not be able to stop service to unblock USB.
Now the problem is that people can disable my service and the service will not work. At this stage the STATUS of Service is Running but actually its Disabled. So I can only check the STATE (Disabled/Enabled/Automatic) from the Registry Key (Start) of my Service which will be at the location
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/MyServiceName
If Start's value is 2(Automatic), 3(Manual), 4(Disabled) we can check via our service every 2 seconds (for example) whether Start value got changed to 4, if yes then We can reset it to 2.
But here problem is that from service I am able to access USBSTOR's values but not any Service's Registies (Because of security issue)
I used this code to access USBSTOR registry with having write permission
Microsoft.Win32.RegistryKey key;
string user = Environment.UserDomainName + "\\" + Environment.UserName;
RegistrySecurity rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow));
key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\services\\USBSTOR", true);
key.SetAccessControl(rs);
key.SetValue("Start", "4",RegistryValueKind.DWord);
This code is working fine. (I kept this code in timer function to make Start value = 4 every time, to block USB every time if any third party tool is trying to enable USB by registry fix)
But the problem is that I want to get notification when ever some one is disabling Service. I can not access
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/MyServiceName
registry through due to security created by Windows.
But via Windows Application we can access
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/MyServiceName
registry. So I created an application which will run every time windows get started and will check that some one has disabled my service which blocks USB.
But here also problem is that user can go to
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
and delete my key to prevent my application to Run.
Now my actual question after a long story is that
How to block USB so that any one cant access it
[Can we block it by blocking it on hardware level or by making some changes in its Driver. If yes then How?]Can we make a windows service which cant be Disabled
[If Yes then How?. We can make it CanPauseAndContinue = False, CanShutDown = False, CanStop = False. But is there any way to avoid Disable it?]Can we prevent Access to Registries (Specific Keys)
[ Antivirus software can do this, then how they do this? Does anyone have any idea or knowledge to such an extent? I want if some one is trying to edit USBSTOR value then it must say that Access is denied]
Please Every Geeks, Programmers, Hackers are invited to answer this question.
By answering this various newbie also get an idea to make security softwares. Please try to give solution to my problem.
Thanks in Advance.
- Rahul
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可能只是用垃圾覆盖
USBSTOR.SYS,或者完全删除它(确保也删除SFP 的副本)。You might just overwrite
USBSTOR.SYSwith garbage, or delete it entirely (make sure to also nuke SFP's copy).您可以检测并删除大容量存储设备的任何 USB 驱动程序。如果重新安装驱动程序,您可以自动删除它,甚至监视插入的新硬件。如果它是基于 USB 的,则通过 API 调用禁用它。
You could detect and remove any USB drivers for mass storage devices. If a driver gets reinstalled you could delete it automatically or even watch for new hardware inserted. If it is USB based disable it via API calls.