Immunizing portable HDD

Sorry but I cannot track down that software I mentioned. (Monitors all files that attempt to launch when USB is inserted with option to block) - if I ever remember it - I'll post it.

Okay - in the meantime I tried other software and the easiest one to use (in my opinion) is this one:

USB Disk Security

My security software says it's clean and so does VirusTotal. It comes with a couple of extra tools that you don't need and in my opinion you should not use those extras.

If you install the program it creates auto-start entries so that it will launch on boot. This can be prevented and you can run the program on demand by clicking on the desktop shortcut.

So here's what you get:

A way to safely open USB devices. Launch the program then plug in your USB and you get the option to safe open.

Note: I don't have my own infected USB for test purposes. You get the option to delete any threats found and additionally the option to scan the USB.

On the USB Scan tab there is an option at the bottom of the window to disable autorun on all drives and you should use it!

You can use Ccleaner to disable the Autorun entry that the program creates and prevent it from starting with windows.

Here are the entries that get created if you want to delete them manually.

The program also creates a shortcut named "Web Navigation" on your desktop. It can be deleted.

The "Safe Sites" button just let you check entered URL's against a few online site safety checking services.

"Data Protection" tab offers options for locking / unlocking USB access and is not needed in your case.

"System Tools" - should be avoided in my opinion.

"Quarantine" - lets you restore any quaratined files if you need to.

You could try this program for a while if you like and perhaps let us know if it solves the problems that you are having with external drives.

In order to detect threats, what scan engine does USB Disk Security use?

There is also MCShield
MCShield ::Anti-Malware Tool::

It is a very light program that I have used successfully.

cottonball said:

In order to detect threats, what scan engine does USB Disk Security use?

I have little information to go on. All I can say is that I don't see an auto update feature or virus definitions. Having done more research and read the review here:

USB Disk Security Download - Softpedia

All I can say is that it would appear that it doesn't do what it claims to do and certainly isn't worth paying for! I suppose the autorun.inf protection is better than nothing. If autorun is disabled you'd need to use your onboard security software to scan the USB drive.



@Gabe22

It's probably not a good idea to rely on USB Disk Security. Like I said I didn't test it against live threats and it seems that it will not do a great job.

You know my preferred solution already - something that detects any executable or script that attempts to run and prompts the user for action (allow, block, quarantine or sandbox) and also scans the file against a few cloud scanners.

So nothing can run unless I've whitelisted it.



I cannot recommend that you use this software (VoodooShield) as it's more suitable for advanced users. It's too easy to whitelist something by mistake or block something that you shouldn't. Again configuration is an issue.

I agree with Cottonball and would suggest trying MCShield although some users claim that it doesn't protect against worms. I reckon you'd have to use it in "Paranoid Mode" but if you're going to do that you might just as well switch Comodo's HIPS into paranoid mode before plugging in external drives. Get ready for pop ups though.



You could just toggle paranoid mode on when plugging in drives and switch back to safe mode if everything checks out okay.

Alright I'll try out both "Paranoid Mode" and "MCShield" will post back results afterwards.

upate ***

Tried both CIS "Paranoid Mode" and "MCShield" with its own paranoid mode, detected mostly couple of exes related to the WD drivers and I don't quite follow the MCShiled ... for example when I tried scan on the portable drive: Right click context menu > scan ... it displayed "nothing detected" within seconds ... just wondering how does a scanning system work that fast(its not as if the drive is empty, its almost 75% full).

So based on all the scan results .. should I assume probably is high that the virus is somehow remvoed from the portable hdd?

Re: Portable HDD. Paranoid mode - should give you info on any important or suspicious changes. It's a pain though and if using Comodo HIPS it's best to leave it in training mode as you carry out your normal low risk activities and only activate it once it's been safely trained. Then activating it in safe mode is the best option but for plugging in external drives paranoid mode should warn you if something attempts to run or make changes to system files. Personally I don't use Comodo HIPS and use an alternative but COMODO HIPS does work. Also the sandbox should isolate anything it considers untrusted.

Re: Scanning external drives. I've been searching for the command line switches needed to automatically initiate a scan of any external drive as soon as it's plugged in but there is very little information available from Comodo on this.

When you plug in a drive do you get the option to right click and scan? If so - use that method for now.

A couple of items that may be of interest...

Automatically Scan for Viruses When Plugging in a USB Flash Drive:
https://www.raymond.cc/blog/automati...b-flash-drive/

Uses USBVirusScan
The configuration and launching is done from a batch file called Start.bat



Comodo:
https://help.comodo.com/topic-119-1-328-3793-.html

Running a Custom Scan from the Command Line Interface:
To run a full scan of your system, just enter:
C:\Comodo\CCE\CCE -s

Scan Drives
The hard disk drive partition(s) to be scanned can be specified as arguments for the parameter -d.
Syntax:
-d “<drive letter 1>;<drive letter 2>... ”

Example:
To run a scan drive partitions 'C: and 'D:'
C:\Comodo\CCE\CCE -s -d "c;d"