CPM detected an attempt to access an unauthorized device connected to your

system · November 13, 2012, 9:17pm

Hi I’m working on a problem with Tivoli Endpoint Manager for Core Protection Moduel (ie. CPM) V10.5

I’m currently having an issue where the CPM module is blocking the Autorun.ini file on a USB device. I’ve looked up the admin guide for

the product, and according to the guide, the CPM Device Control is blocking it. Problem with that is I haven’t configured device control,

nor do I have the option to do so from my console. I don’t appear to be licensed for the Data Protection, which is required to configure device

control.

We are receiving the following CPM popup information on the client pc:

“CPM detected an attempt to access an unauthorized device connected to your computer”

popup is present by the program

c:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe -HideWindow

http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_8

.2/DataProtectionforCPM_PDF.pdf

Tivoli Endpoint Manager

Data Protection for CPM 10.6 SP1

Administrator s Guide

Version 8.2

Managing Access to External Devices

suggestes that that what is needed it

Navigate to Endpoint Protection > Core Protection Module >

Configuration

Device Control > Device Control Settings.

Select Enable Device Control.

(or De-Select it) to fix this, but “Device Control” does NOT exist under “Configure” navigator item??

“Device Control” DOES appear if Core Data Protection (ie.CDP) is installed (which it is not in this case) ???

What needs to be done to disable this USB checking when CDP is NOT installed?

Regards … Leslie

system · November 13, 2012, 9:24pm

(imported comment written by lgomba)

One more note, the only USB relevant fixlets on these computers are

“Removable Media: Disable Future Use of USB Storage Devices”

and

“Removable Media: USB Storage Device Detected”

Regards … Leslie

system · November 14, 2012, 12:08pm

(imported comment written by SystemAdmin)

There are 2 possible ways.

(1) The easier way is to use an existing task on the endpoints

Core Protection Module - Disable Unauthorized Change Prevention Service (101)

(2) The other option is to customize a task similar to the one created by Core Data Protection (ie.CDP).

Attached is the one derived from CDP.

While the Action and Relevance should be modified.

Relevance: CPM 10.5 installed, x86.

Successful Criteria: completion of the action script

The digested Action will be in the attachment of the following reply.

system · November 14, 2012, 12:09pm

(imported comment written by SystemAdmin)

The Action for (2) could be as the attachment.

system · November 15, 2012, 1:53am

(imported comment written by lgomba)

Thanks very much Raymond, I’ll give it a try. Quick question, how did you know this fixlet would do the trick? Is it documented or is this something from past experience ?

Regards … Leslie

system · November 19, 2012, 7:31pm

(imported comment written by lgomba)

The Fixlet (ie.

ID= 101

Name= Core Protection Module - Disable Unauthorized Change Prevention Service

Site= Trend Micro Core Protection Module

Category= Maintenance

worked, but the customer would prefer to have that service running for

Behavior Monitoring and Client Self-Protection.

Is there a way to just disable the Device Monitoring for USB’s portion noting that Data Protection is NOT installed/licensed???

Thanks … Leslie