Hi,
I want to block absolutely all USB devices except keyboards and mice - I have created a rule but it does not appear to work!
The rule is quite simple -
Correlations: Systemstatus.EventInfo="Attached" SystemStatus.ProviderSID="USB"
Correlation Time: Events Within: 30 seconds Response Window: 5 minutes (default)
Actions: Detach USB Device - Agent: SystemStatus.InspectionIP Device: SystemStatus.ExtraneousInfo
Rule is enabled and shows no errors.
I am a bit of a beginner with this and would appreciate any help and comments.
Thanks,
Alan
