
Device Management in PM16 (specifically: blocking USB Mass Storage)

zwp-secure W/ Member Posts: 20 Cyber Knight

Hi there,

I'm testing the blocking of USB Mass Storage Devices in Policy Manager 16. Blocking works successfully, but I cannot get exceptions to work. This is how it looks in PM:

As you see, I blocked USB Mass Storage Devices: OK. Next, I tried to enable 2 specific USB flash drives by their Hardware IDs. But this does not work. These flash drives keep being blocked. What am I doing wrong?

Best Answer

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 215 Moderator
    edited March 14 Answer ✓

    Hi @zwp-secure

    Thank you for reaching out to the WithSecure Community.

    Ensure that the Hardware ID for the devices is correct, verify that the device is enabled in the Windows Device Manager, and then re-add the device ID to the filtering rules. In addition to the hardware ID, you can also utilize the compatible ID, device class GUID, or parent ID. For further details, please refer to https://www.withsecure.com/userguides/product.html#business/policy-manager/16.00/en/task_873DEEF580AA4A9C8816AC2B899750DB-16.00-en .

    If you are encountering issues where Device Control is not blocking "write access" or "executable launching" on USB mass storage devices, it could be because external USB disk drives are being recognized by Windows as standard drives. In such scenarios, Device Control perceives them as regular drives rather than external ones. To address this problem, follow the steps outlined in the instructions provided here.  

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™ https://www.withsecure.com/en/home
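
The identifiers named in the answer above (hardware ID, compatible ID, device class GUID, parent) can be read on the endpoint with the built-in PnpDevice cmdlets. This is an added example, not part of the original posts and not WithSecure tooling; it assumes the drive is plugged in and bound to the standard USBSTOR driver, and it does not assume which ID form a Policy Manager rule expects.

```powershell
# Added example: list present USB mass storage devices with the identifiers
# a device-control exception can be keyed on. Run on the affected endpoint.
# Assumption: the drive uses the standard USBSTOR driver.

$keys = @(
    'DEVPKEY_Device_HardwareIds',    # most specific to least specific
    'DEVPKEY_Device_CompatibleIds',  # generic class-level IDs
    'DEVPKEY_Device_ClassGuid',      # device setup class GUID
    'DEVPKEY_Device_Parent'          # instance ID of the parent node
)

# A USB stick shows up as two nodes: the USB device served by USBSTOR,
# and its child disk enumerated under USBSTOR\.
Get-PnpDevice -PresentOnly |
    Where-Object { $_.Service -eq 'USBSTOR' -or $_.InstanceId -like 'USBSTOR\*' } |
    ForEach-Object {
        $dev   = $_
        $props = @{}

        # Collect the requested properties into a lookup table by key name.
        Get-PnpDeviceProperty -InstanceId $dev.InstanceId -KeyName $keys `
                              -ErrorAction SilentlyContinue |
            ForEach-Object { $props[$_.KeyName] = $_.Data }

        [pscustomobject]@{
            FriendlyName  = $dev.FriendlyName
            Status        = $dev.Status   # 'OK' means enabled and working
            InstanceId    = $dev.InstanceId
            HardwareIds   = @($props['DEVPKEY_Device_HardwareIds'])   -join "`n"
            CompatibleIds = @($props['DEVPKEY_Device_CompatibleIds']) -join "`n"
            ClassGuid     = $props['DEVPKEY_Device_ClassGuid']
            Parent        = $props['DEVPKEY_Device_Parent']
        }
    } |
    Format-List
```

Copy the value from the output into the rule exactly as printed, and compare it with what Device Manager shows on the device's Details tab.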

Answers

  • zwp-secure
    zwp-secure W/ Member Posts: 20 Cyber Knight

    Thanks. I found the right ID. In the German version it's called "Geräte ID".