3 Replies Latest reply on Dec 12, 2013 2:27 PM by nicole pauls

    USB Defender - Automatically whitelist specific devices

    jwilliamsfis

      Is there any way to somehow create a rule or something that will automatically permit all USB devices of a certain type?  For example, all USB keyboards and mice would be automatically permitted.

       

      Thank you.

       

      Jason

        • Re: USB Defender - Automatically whitelist specific devices
          evanr

          USB defender never detaches a USB device unless you have set up a rule to do so.  All it does is generate events related to USB mass storage devices.

          • Re: USB Defender - Automatically whitelist specific devices
            curtisi

            It's true that USB defender will not detach any device unless the LEM has a rule that causes that to happen.  If you have LEM deployed, there is a rule template included called "Template: Detach Unauthorized USB Device."  It includes in the example conditions a "white-list" of authorized devices.

             

            I've even seen a rule that could be used to white-list devices easily.  Basically, it was "If a USB device is plugged into [SPECIFIC NODE], then add it to the white-list."  The admin had his workstation as the [SPECIFIC NODE], so anything he connected was added to the white-list.  He ran through all the devices his company allowed, and then disabled the rule.  If he needs to add more to the white-list, he can re-enable the rule, but otherwise his workstation is subject to the same rules as anyone else.

            • Re: USB Defender - Automatically whitelist specific devices
              nicole pauls

              It's also worth noting that we don't even pass mice/keyboards on to USB-Defender, only mass storage devices, network devices, and phones. You likely won't even see events when these devices are plugged in, unless you're using the "Extended" USB-Defender connector, in which case you should be careful.

               

              USB Defender local policy is similar, we ignore things that aren't mass storage, network, and phones (anything that could walk data off).