Whitelist a specific USB mass storage key with F-Secure Endpoint

apache · 2023-12-14T16:14:55+00:00

There was an error rendering this rich post.

Hi,

I use F-Secure Endpoint in version 15.30 .

I blocked by default all the USB Mass storage devices on all workstations. Now I would like to whitelist a specific USB but it doesn't seem to work.

Anyone already faced this issue?

Thank you for the help

Find more posts tagged with

Accepted answers

All comments

Sethu Laks

Hi @apache

Thank you for reaching out the WithSecure Community,

For USB devices, Device ID from Device Manager should be viewed from the following;

Device Manager > Disk Drives > USB partition

The reason is when you insert USB device into a PC it is not necessarily detected as as a single device in Windows, because of the possibility of partitions. So, if some flash drive has several partitions on it, it will be detected as both "USB Mass Storage Device", with every partition presented as a separate 'device' under Disk Drive. This is reflected in Policy Manager alerts and Elements Security Events.

To know various Class please check this page, (Scroll down and find Device Classes): https://en.wikipedia.org/wiki/USB

Follow these instructions to find the hardware ID either with Policy Manager or Windows Device Manager.
In Advanced view:

1. Open Policy Manager and go to Device Control > Statistics.
Use Hardware IDs, Compatible IDs and Device Class columns to find the ID of the device that has been blocked.
2. If you cannot find the ID using the statistics or the device has not been blocked yet, open Windows Device Manager
in the client computer.
3. Find the device which ID you want to know in the list of devices.
4. Right-click the device and select Properties.
5. Go to Details tab.
6. Select one of the following IDs from the drop-down menu and write down its value:
• Hardware IDs
• Compatible IDs
• Device class guid

You can refer to the following article to know more information https://community.withsecure.com/en/kb/articles/5517-blocking-device-access-using-predefined-rules

https://community.withsecure.com/en/kb/articles/29565-withsecure-elements-device-control-not-blocking-write-access-or-executable-launching-on-usb-mass-storage-devices

If the issue remain, could you please upgrade it to latest version 16.x for Policy Manager/Client Security/Server Security and check again?

If you have any further questions or need assistance in setting up these rules, please let me know.

Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™ https://www.withsecure.com/en/home