Questions

In event viewer, Is there a way to tell if the CD tray has been opened.

Tags:
+
0 Votes
Locked

In event viewer, Is there a way to tell if the CD tray has been opened.

Cverbs
We have discovered that someone had put a bootable disc into a PC at a branch office. There is no legitimate reason for anyone to use CDs in this office. This PC now comes up on a virus scan. We are trying to find out when that might have happened so we can look at security tapes to find out who installed it. Is there a way in event viewer to see when the tray was opened or when any malicious software may have been installed?

Thanks in advance for any info.
  • +
    0 Votes

    No

    JPElectron

    That is not logged in event viewer, and you wouldn't want to rely on that...

    What if Windows wasn't running at the time - OR - the PC was off, then the CD drive was opened with the paperclip method - OR - the CD was inserted anytime before windows was finished loading - you'd have no knowledge of the CD getting in there.

    You should disable booting from CDs (and USB sticks) in the BIOS of the machine, then set a password to get into the BIOS so someone can't change it.

    Or consider any of the following: remove the CD drive, unplug the CD drive and fill the connectors with hot-glue, unplug all USB connectors, fill all USB connectors with hot-glue, there is also software that will disable software running from CD and USB but if someone is admin of the machine, or clever enough, it can all be undone.

    Better watch the security camera and fire the employee, in my opinion.

  • +
    0 Votes

    No

    JPElectron

    That is not logged in event viewer, and you wouldn't want to rely on that...

    What if Windows wasn't running at the time - OR - the PC was off, then the CD drive was opened with the paperclip method - OR - the CD was inserted anytime before windows was finished loading - you'd have no knowledge of the CD getting in there.

    You should disable booting from CDs (and USB sticks) in the BIOS of the machine, then set a password to get into the BIOS so someone can't change it.

    Or consider any of the following: remove the CD drive, unplug the CD drive and fill the connectors with hot-glue, unplug all USB connectors, fill all USB connectors with hot-glue, there is also software that will disable software running from CD and USB but if someone is admin of the machine, or clever enough, it can all be undone.

    Better watch the security camera and fire the employee, in my opinion.