Defense + does not blocks file on Removable media

Xp sp3
CIS 3.12

defense+ in paranoid mode.

Defense+ does not generate any alert if files are executed from Flash drive irresective of mode( paranoid, safe mode, clean Pc mode)

to verify it copy one exe in your pen drive . click run> cmd and then execute the file no alerts are generated.

-Similarly if you use windows explorer to double click on file no alert are generated.

  • Create a bath file that will execute this exe and create a folder under system32 folder and run it from command promt noalert will be generated,

-copy these files to your Hard disk these files will be shown in My pending list but on executing No alerts are generated.

-the only way to prevent exe from running ( Pen drive) is to add pen drive to my blocked files list.

-so we can safly say that there will be no harm if you disable d+

regards

Adi