Issue:
How to configure Device control so that all USB devices are blocked unless white-listed by their hardware ID.
Resolution:
You can create rules for the various USB device classes with the access level set to Block, and then create a white-list rule that allows specific devices by their hardware ID.
For the list of USB device classes, see this page:
https://en.wikipedia.org/wiki/USB (scroll down to the Device Classes section)
Once the class is blocked, create another rule that whitelists the allowed devices by hardware ID.
To add an exception to a rule:
1. Get the hardware ID for the device that you want to allow.
The hardware ID has to be more specific than the ID that is used to block the device.
2. Go to the Settings tab and select Windows > Device control.
3. On the Device access rules table, click Add.
4. Enter the hardware ID for the device as the Hardware ID in the new rule.
5. Set Access Level to Full access to allow the use of the device.
6. Set Active to Yes for the new rule.
To find the hardware ID:
Follow these instructions to find the hardware ID with either Policy Manager or Windows Device Manager.
In Advanced view:
- Open Policy Manager Console and go to Device Control > Statistics.
- Use the Hardware IDs, Compatible IDs and Device Class columns to find the ID of the device that has been blocked.
- If you cannot find the ID using the statistics, or the device has not been blocked yet, open Windows Device Manager on the client computer.
- Find the device whose ID you want to know in the list of devices.
- Right-click the device and select Properties.
- Go to the Details tab.
- Select one of the following properties from the drop-down menu and write down its value:
- Hardware IDs
- Compatible IDs
- Device class guid
For Elements Endpoint Protection for Computers and Servers, you can set restrictions on how users can access USB devices (for example, web cams and hard disks) and whether removable mass storage devices are allowed to execute installers.
To set up Device control:
1. Under Profiles, select a profile.
2. From the menu on the left, select Device control.
3. Turn Device control on.
Note: If Device control is on, all devices that are connected to the computer are visible on the device page under Connected devices.
4. Under Removable mass storage devices, you can turn on one of the following options:
- Allow write access: when this option is off, users cannot copy files to a removable mass storage device; the device can only be read.
- Allow executables to run: when this option is off, files cannot be executed from removable mass storage devices.
Note: For USB devices, view the Device ID in Device Manager under the following location:
Device Manager > Disk drives > USB partition
The reason is that when you insert a USB device into a PC, Windows does not necessarily detect it as a single device, because the drive may contain partitions. A flash drive with several partitions is detected both as a "USB Mass Storage Device" and as a separate 'device' for every partition under Disk drives. This is reflected in Policy Manager alerts and in Elements Security Events.
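The Device Manager steps above (Hardware IDs, Compatible IDs, Device class guid) and the note about USB disks appearing under Disk drives can be checked in one pass from an elevated PowerShell prompt on the client computer. The script below is an added example, not part of this article and not a Policy Manager or Elements tool; it uses the built-in PnpDevice module (Windows 8.1 / Server 2012 R2 and later). The function name Get-DeviceControlIds and the default class list are assumptions chosen for this example; the sample filter on USBSTOR\ reflects how Windows enumerates USB mass storage disks.

```powershell
# Added example: list the identifiers that Device control rules are matched on.
# Requires the PnpDevice module that ships with Windows 8.1 / Server 2012 R2 and later.
# Run as Administrator so that all present devices and their properties are visible.

# Property keys that correspond to the Device Manager > Details drop-down entries
# "Hardware Ids", "Compatible Ids" and "Class Guid".
$script:DeviceControlKeys = @(
    'DEVPKEY_Device_HardwareIds',
    'DEVPKEY_Device_CompatibleIds',
    'DEVPKEY_Device_ClassGuid'
)

function Get-DeviceControlIds {
    <#
    .SYNOPSIS
      Lists Hardware IDs, Compatible IDs and the class GUID of present devices
      in the given setup classes. Hardware IDs are returned in Windows order,
      i.e. the most specific ID first (for example VID+PID+REV before VID+PID).
    #>
    param(
        # Assumed default: the setup classes a USB device typically lands in.
        [string[]]$Class = @('USB', 'DiskDrive', 'WPD', 'HIDClass', 'Image', 'Media')
    )

    Get-PnpDevice -PresentOnly -Class $Class -ErrorAction SilentlyContinue | ForEach-Object {
        $dev   = $_
        $props = Get-PnpDeviceProperty -InstanceId $dev.InstanceId `
                                       -KeyName $script:DeviceControlKeys `
                                       -ErrorAction SilentlyContinue

        $hw  = ($props | Where-Object KeyName -eq 'DEVPKEY_Device_HardwareIds').Data
        $cid = ($props | Where-Object KeyName -eq 'DEVPKEY_Device_CompatibleIds').Data
        $cls = ($props | Where-Object KeyName -eq 'DEVPKEY_Device_ClassGuid').Data

        [pscustomobject]@{
            Class          = $dev.Class
            FriendlyName   = $dev.FriendlyName
            InstanceId     = $dev.InstanceId
            # First entry is the most specific one, which is what a whitelist
            # rule should use so it is narrower than the class-level Block rule.
            MostSpecificId = if ($hw) { $hw[0] } else { $null }
            HardwareIds    = @($hw)  -join '; '
            CompatibleIds  = @($cid) -join '; '
            ClassGuid      = $cls
        }
    }
}

# Everything USB-related that is currently plugged in, one record per device node.
Get-DeviceControlIds | Format-List Class, FriendlyName, MostSpecificId, HardwareIds, CompatibleIds, ClassGuid

# The disk-drive view from the note above: USB mass storage disks are enumerated
# by Windows under the USBSTOR bus, so this shows the "Disk drives" entries that
# belong to USB sticks, separately from the parent "USB Mass Storage Device" node.
Get-DeviceControlIds -Class DiskDrive |
    Where-Object InstanceId -like 'USBSTOR\*' |
    Format-Table FriendlyName, MostSpecificId, ClassGuid -AutoSize
```

Copy the MostSpecificId value of the device you want to allow into the Hardware ID field of the new rule; because it is narrower than the class-level Block rule it takes precedence as described in the exception steps above. If a USB stick is missing from the DiskDrive output, it is usually still enumerated under the USB class as the parent mass storage node, which is where the block is typically recorded in Policy Manager statistics.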