Blocking USB memory storage
Hi all, i know that is possible on PolicyManager to control USB devices, but i was thinking is it possible to denny acces to some USB devices.
Here is the example:
USB memory not encrypted - can not be allowed, and can not be accesed
USB memory encrypted - can be accesed on Client computers
Is this possible?
Answers
-
Hi PPAlen,
You can limit or block access permissions for removable drives using Device control. Refer to the following link for instructions:
Limiting access permissions for removable drives
Blocking device access using predefined rules
Getting Hardware ID for a device
You can make rules of various USB Classes where you can set the access level to Block and than make a white-list rule to allow the devices by hardware ID.
To know various Class please check this page,
https://en.wikipedia.org/wiki/USB
( Scroll down and find Device Classes )
Once you have blocked it make another rule to whitelist the devices by hardware ID.
To add an exception to a rule, follow these instructions:
1. Get the hardware ID for the device that you want to allow.
The hardware ID has to be more specific than the ID which is used to block the device.
2. Go to the Settings tab and select Windows > Device control.
3. On the Device access rules table, click Add.
4. Enter the hardware ID for the device as the Hardware ID in the new rule.
5. Set Access Level to Full access to allow the use of the device.
6. Set Active to Yes for the new rule
To Find Hardware ID Please refer to this,
Follow these instructions to find the hardware ID either with F-Secure Policy Manager or Windows Device Manager.
In Advanced view:
1. Open F-Secure Policy Manager and go to F-Secure Device Control > Statistics.
Use Hardware IDs, Compatible IDs and Device Class columns to find the ID of the device that has been blocked.
2. If you cannot find the ID using the statistics or the device has not been blocked yet, open Windows Device Manager
in the client computer.
3. Find the device which ID you want to know in the list of devices.
4. Right-click the device and select Properties.
5. Go to Details tab.
6. Select one of the following IDs from the drop-down menu and write down its value:
• Hardware IDs
• Compatible IDs
• Device class guid
Note: Device control can only be configured from the Policy Manger. There is no local configuration user interface.
0 -
Thank you for your comment.
I know that it is possible to control USB devices but mine question was is it possible to controle more than that?
Control devices that are or not encrypted?
If the device is encrypted than the access is granted if not than the device is denied.
0
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 1 Get Support