USB detection using WMI script

Written by OSAblog on Sunday, June 21st, 2009

USB flash drives are very common and can be found in almost every computerized environment for storing and transferring data between computers. These USB devices make it really easy for potential attacker to exploit unprotected computers with malicious virus and Trojan software and provide a gateway to the network for manipulating sensitive data.

Detecting USB storage devices
There are some nice tools that can be found on the net that will notify about USB devices on local and remote windows platforms. But most of them are not free and will require an installation of an agent on the remote windows platforms. Using the preinstalled Windows Management Instrumentation (WMI) on windows platforms is free and will not require any remote agent. It will only require a simple script that can be run manually from a privileged user account or from another network monitoring software like Security Center: IDS IPS Network Access Protection and Switch Protector: NAC Network Access Control Monitoring network security scanners.

WMI notification event script
The following USB notification event script will send an event message in response to any operation of USB device on local or remote windows platform. For simplicity, the script is using a temporary event subscription, which exists only as long as the script is running. Some modifications will be needed for a permanent event subscription that will not require a perpetually running script:

VBScript (should be copied and saved as .vbs file):
strComputer = “.” ‘(Any computer name or address)
Set wmi = GetObject(”winmgmts:” & strComputer & “rootcimv2″)
Set wmiEvent = wmi.ExecNotificationQuery(”select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”)
While True
Set usb = wmiEvent.NextEvent()
Select Case usb.Path_.Class
Case “__InstanceCreationEvent” WScript.Echo(”USB device found”)
Case “__InstanceDeletionEvent” WScript.Echo(”USB device removed”)
Case “__InstanceModificationEvent” WScript.Echo(”USB device modified”)
End Select
Wend

JScript (should be copied and saved as .js file):
strComputer = “.”; //(Any computer name or address)
var wmi = GetObject(”winmgmts:” + strComputer + “rootcimv2″);
var wmiEvent = wmi.ExecNotificationQuery(”select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”);
while(true) {
var usb = wmiEvent.NextEvent();
switch (usb.Path_.Class) {
case “__InstanceCreationEvent”: {WScript.Echo(”USB device found”); break;}
case “__InstanceDeletionEvent”: {WScript.Echo(”USB device removed”); break;}
case “__InstanceModificationEvent”: {WScript.Echo(”USB device modified”); break;}}}

For more information on network security and management software solutions for real-time monitoring systems, please visit Lan-Secure.com: Network Management Software.

Article Source:http://www.articlesbase.com/security-articles/usb-detection-using-wmi-script-981885.html

Share and Enjoy:

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

Technorati Tags: Case Usb, Class Case, Computer Name, Flash Drives, Malicious Virus, Mass Storage Device, Monitoring Network, Nac, Network Access Control, Network Monitoring Software, Privileged User, Security Scanners, Sensitive Data, Unprotected Computers, Usb Devices, Usb Storage Devices, Windows Management Instrumentation, Windows Platform, Windows Platforms, Winmgmts

If you enjoyed this post, make sure you subscribe to my RSS feed!

Related Posts

Network Security Revolution Network security is always been the most concerning topic for the experts. Every one wishes to keep their network safe from hackers. We are in the age of network security revolution. Many companies have been trying to launch a product that keeps the network safe from hackers. As the volume......
How does An Antivirus Program Work? Today most of all people whether they use computer or not are familiar with the term ‘antivirus software’. Antivirus software is especially necessary for those who have internet connection in their PC and spend a long time surfing the internet. But how many of them exactly know how does an......
Printer and Scanner Printer, which produces hard copy of documents or data stored in electronic form, is an almost inseparable part of a computer. A printer usually produces human readable copy of text or/and graphics, which can be termed as hard copy. A number of printers are primarily connected by a printer cable......
Virus: M. Jackson's Death And Threats: Interent Explorer What you need to know: Another major news story sparks the release of viruses. Hackers Are taken advantage of the highly publicized death of Michael Jackson and duping unsuspecting users into installing malware on their computers. What you need to Do: * Be Skeptical of links and sites that play......
Kaspersky; Ups the ante Kaspersky Lab, a leading developer of Internet threat management solutions that protect against all forms of viruses, spyware, hackers and spam, has made significant improvements in their anti-malware technology, by significantly improving the level of protection and performance that customers have come to expect from Kaspersky. Their admin pack due......

Related Websites

Form Filling Jobs Are Available In The Internet There are a lot of workers who are in dire need of extra money and as a result they start looking for the filling jobs that is often available online. However, in that case it is necessary to make carefully the selection process and find the site that is considered......
Home Network Security [/caption] Home Computer security 1. What is computer security? Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or......
Butterfly Hardfull Table Tennis Racket Case II (White) User Reviews Send this to a friend Butterfly Hardfull Table Tennis Racket Case II (White) Manufacturer: Butterfly Customer Rating: List Price: $35.99 Sale Price: $29.99 Availibility: Usually ships in 2-3 business days Buy Now Product Description Sleek racket case with hard outer shell. Provides excellent protection for your racket.......
LG 3D LED TV. Free Bundle LG 3D Glasses And 3D Blu-ray Player LG 3D Bundle Includes Free 3D Bly-ray Player and Free 3D Glasses! To experience LG 3D technology you need a 2010 LG 3D ready TV and LG 3D Active Shutter Glasses. LG offers interesting bundles in order to make its 3D lineup a lot more interesting as LG company plans......
Free Financial Management Software When it comes to your getting out of debt, having the right software can actually make a real world of difference. Some people tend to manage their efforts at debt reduction with something that is as simple and as straight forward as a computer spreadsheet while other people tend toward......