Blocking USB memory storage

PPAlen · 2020-10-16T06:59:00+00:00

There was an error rendering this rich post.

Hi all, i know that is possible on PolicyManager to control USB devices, but i was thinking is it possible to denny acces to some USB devices.

Here is the example:

USB memory not encrypted - can not be allowed, and can not be accesed

USB memory encrypted - can be accesed on Client computers

Is this possible?

Find more posts tagged with

Accepted answers

All comments

PPAlen

Thank you for your comment.

I know that it is possible to control USB devices but mine question was is it possible to controle more than that?

Control devices that are or not encrypted?

If the device is encrypted than the access is granted if not than the device is denied.

MonikaL

Hi PPAlen,

You can limit or block access permissions for removable drives using Device control. Refer to the following link for instructions:

Limiting access permissions for removable drives

Blocking device access using predefined rules

Getting Hardware ID for a device

You can make rules of various USB Classes where you can set the access level to Block and than make a white-list rule to allow the devices by hardware ID.

To know various Class please check this page,

https://en.wikipedia.org/wiki/USB

( Scroll down and find Device Classes )

Once you have blocked it make another rule to whitelist the devices by hardware ID.

To add an exception to a rule, follow these instructions:

1. Get the hardware ID for the device that you want to allow.

The hardware ID has to be more specific than the ID which is used to block the device.

2. Go to the Settings tab and select Windows > Device control.

3. On the Device access rules table, click Add.

4. Enter the hardware ID for the device as the Hardware ID in the new rule.

5. Set Access Level to Full access to allow the use of the device.

6. Set Active to Yes for the new rule

To Find Hardware ID Please refer to this,

Follow these instructions to find the hardware ID either with F-Secure Policy Manager or Windows Device Manager.

In Advanced view:

1. Open F-Secure Policy Manager and go to F-Secure Device Control > Statistics.

Use Hardware IDs, Compatible IDs and Device Class columns to find the ID of the device that has been blocked.

2. If you cannot find the ID using the statistics or the device has not been blocked yet, open Windows Device Manager

in the client computer.

3. Find the device which ID you want to know in the list of devices.

4. Right-click the device and select Properties.

5. Go to Details tab.

6. Select one of the following IDs from the drop-down menu and write down its value:

• Hardware IDs

• Compatible IDs

• Device class guid

Note: Device control can only be configured from the Policy Manger. There is no local configuration user interface.