Illegal Content in Company Assets

Question

I am trying to find illegal content in company laptop such as: movies, torrents, music, etc.

We are thinking of building a script that automates the search and reports filenames with certain extensions (.avi, .tor, .mp3, etc).

Does anyone has done this differently or have used a specific software for this purpose?

Thanks,

Are you wanting to look in a file server, or remote machines? — Cory Knutson, May 05 '17 at 14:39
What do you mean illegal content? Are movies illegal? Is music illegal? — joeqwerty, May 05 '17 at 15:13
Remote machines. illegal content such as pirated movies and music. — Andre, May 05 '17 at 15:18
Do you have reason to believe it's a problem in your company? — ceejayoz, May 05 '17 at 16:57
This can't be done, because there's no algorithmic way to tell what files are legal and what are not. Only a court case can determine that for sure. — Mike Scott, May 15 '17 at 14:50

score 2 · Answer 1 · answered May 06 '17 at 14:16

2

Why try to find it? How to tell if it is pirated or if the use is actually legitimate? File format doesn't tell anything about the contents, e.g. an .avi can be a home video and even a .tor can be a Linux image or something. Scanning through the content is heave.

Instead block illegal sources. It is trivial to block unwanted protocols on any firewall. In addition, any UTM solution probably have content filters already rating sites related to piracy.

If they do it at home it's entirely their responsibility and your company won't be sued.

answered May 06 '17 at 14:16

Esa Jokinen

43,252
2
75
122

"If they do it at home it's entirely their responsibility and your company won't be sued." OP says "company laptop". Doing it at home and bringing it to work isn't going to be good in a BSA raid or something similar. – ceejayoz May 06 '17 at 19:30
While there are certain cultural and legal differences between US and Europe, I still don't think that BSA does random raids on random companies without already having some evidence that copyrighted material has been illegally shared from the company network... which would have been prevented... by blocking unwanted (p2p) protocols and illegal sources. ;) – Esa Jokinen May 06 '17 at 20:35

30000MONKEYS · Accepted Answer · 2017-05-07T11:43:40.697

We don't know how your company is run, but this could be a way to get yourself into trouble, and/or make your users hate you. As others stated, the best way to prevent that stuff is to block p2p traffic. File types are not illegal per se.

However, if you are sure you want to do this and are allowed to, the best way would be to use a simple Powershell Script.

This one will not give you beautiful results, but it will give you a starting point. It will save the Output in a .txt File on the user's computer.

# * Make an array of Computers you want to check
$ComputerNames = "PC1","PC2","PC3"
# * Define the path you want to check there
$Path = "C:\Users\"
# * Loop through your List of PCs
Foreach ($Computer in $ComputerNames) {
    # * Invoke Command on every PC in List
    Invoke-Command -ComputerName $Computer {
        # * Get the Files you search for and write them in a text file.
        Get-Childitem -Path $Path -File -Recurse|Where-Object {$_.Extension -eq ".mp3" -Or $_.Extension -eq ".avi" -Or $_.Extension -eq ".tor"}|Select-Object FullName > C:\Output.txt
    }
}

score 0 · Answer 3 · answered May 15 '17 at 14:47

If the problem is out of control you can block file type association with your AV product usually.

An enterprise I know blocked the .mp3 extension completely, thus the user can't run/write those files and the admin got a alert about the try out. Do it after some internal memo..

An example for McAfee with Access Protection there, How to create or modify an Access Protection Rule from a VSE 8.x or ePO 5.x console

Illegal Content in Company Assets

3 Answers3