Issue:
- User attaches a USB mass storage device but Device Control does not block access to it.
- Admin has disallowed writing to removable storage devices, this works correctly on USB thumb drives, however external USB disk drives can still be written to. How to ensure that writing to external disk drives is also blocked just like the USB thumb drives?
Resolution:
Note: This article is relevant to all WithSecure products using Device Control: Client Security, Server Security and Elements Endpoint Protection (EPP for Computers and EPP for Servers)
In some cases external USB disk drives report themselves to Windows as standard drives, and due to this Device Control sees them as normal drives instead of external. In the event that USB thumb drives are blocked but not external disks, try the following:
Device Control has an advanced device type recognition logic which is disabled by default, but can be activated by registry manipulation:
- Under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F-Secure Gatekeeper\Parameters create a value of type DWORD with name EnableHotplugResolving and set the value to 1 - run cmd.exe with administrator priviledges
- net stop fsulhoster
- net stop "f-secure gatekeeper"
- net start fsulhoster
Test this out as it should resolve the problem.
A permanent fix for this issue will be available in CS/SS 16.01 for BS and also expected in new release of Elements in Q3 2024
Article no: 000006258