Allowing to write to USB devices when Application rule Block Writing to USB is implemented.

Article ID: 163478

Products

Endpoint Protection

Issue/Introduction

  • You have configured an Application and Device Control policy to block USB access and have also implemented the Application Control rule "Block writing to USB devices".
  • You want only specific USB devices to be allowed, with writing to those devices enabled.
  • All other USB devices (thumb drives, external hard disks) should remain blocked.

Environment

  • Managed environment: SEPM and SEP clients with the full protection technology installed.

Resolution

Adding the Device IDs to the Hardware Devices list.

  • Identify a client machine that still has open USB access.
  • Connect the desired USB device to that machine and, using the DevViewer application, make a note of the USB device's Device ID.
  • Repeat this for every device you want to allow, noting each Device ID.
  • In SEPM, go to the Policies tab, expand Policy Components and select Hardware Devices.
  • Under Tasks click "Add a Hardware Device", give the device a name, select the Device ID radio button and enter the Device ID captured earlier.
  • Repeat until all Device IDs have been added to the list.
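As an added example that is not part of this article, the same Device IDs can be collected with PowerShell on the open-access client instead of reading them from DevViewer. This assumes the SEPM Device ID field accepts the Windows device instance path that DevViewer displays.

```powershell
# Added example (not from the article): list the device instance IDs of the USB
# storage devices currently attached, to paste into SEPM's Hardware Devices list.
# Assumption: SEPM's "Device ID" field takes the Windows device instance path
# (e.g. USBSTOR\Disk&Ven_...&Prod_...\<serial>&0), which is what DevViewer shows.
function Get-UsbStorageDeviceId {
    [CmdletBinding()]
    param()

    # DiskDrive-class devices whose instance path starts with USBSTOR\ are
    # USB mass-storage devices (thumb drives, external hard disks).
    Get-PnpDevice -PresentOnly -Class DiskDrive |
        Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
        ForEach-Object {
            [pscustomobject]@{
                FriendlyName = $_.FriendlyName
                Status       = $_.Status
                DeviceId     = $_.InstanceId
            }
        }
}

# Run on a client that still has open USB access, with the device plugged in.
Get-UsbStorageDeviceId | Format-List
```

The full instance path includes the device serial number, so each entry matches one physical device rather than every device of that make and model.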

Creating a Device Control rule to block USB devices and allow the selected devices.

  • Under Policies select "Application and Device Control Policy" and edit the policy you want to implement.
  • Navigate to Device Control. Under "Blocked Devices" click Add, select the "USB" Class ID and click OK.
  • You can add other Class IDs as well if required.
  • Under "Devices Excluded From Blocking" click Add and select "Human Interface Devices". This allows USB mice and keyboards to keep working on client machines.
  • Continue adding the hardware devices from the Hardware Devices list that need to be excluded from blocking.
  • Once the required hardware devices are listed under the exclusion, do not click OK yet. Move on to the Application Control rule.

Creating an exception under the Application Control rule.

  • This assumes you have the "Block Writing to USB drives" rule enabled, which prevents users from writing or copying any files or folders to USB devices.
  • Select the rule "Block Writing to USB drives" and click Edit.
  • Select "AC4-1.1 Block writing to USB devices".
  • Under the Properties tab, make sure that "Apply to the following files and folders" contains the wildcard entry "*". This ensures that writing to USB devices is blocked.
  • Navigate to the next section.
  • Under "Do not apply to the following files and folders" click Add.
  • Under "File or Folder Name to Match" enter the wildcard entry "*".
  • Select "Only match files on the following device id type" and click Select.
  • Highlight the hardware device in the list that you want to exclude and click OK. These are the same hardware IDs that were previously added to the Hardware Devices list.
  • Repeat for the remaining devices you want to exclude from the Application Control rule.
  • Once the desired devices are added, click OK on the main policy page and assign the policy to the required client group.
  • Wait for the policy serial number to update on SEPM and confirm that the clients have received the updated policy.
  • Once both the SEP client and SEPM show the same policy serial number, test with the USB device that was added as an exception.

You should now be able to copy files or folders to the excluded USB devices, while all other USB devices remain blocked on the client.