When the USB storage is blocked by SEP device control, the USB storage disk won’t be shown in “Computer”, but if user have a VMware installed on this host, and a Windows OS is installed in the VMware, the OS operator could be able to access the USB disk by mount the USB drive to the OS in VMware as below:
If the OS in VMware don’t have SEP installed, the OS operator will be able to read and write files to USB storage drive
This is because the VM is using a VMware USB Arbitration Service to access the host’s USB resource, and this action is out of SEP "device control policy" control
There’s a workaround on this issue, to stop VMware OS operator access USB storage, you can add an application control policy to block the VMware USB Arbitration Service from running, and this will stop VMware to mount USB storage from host to VMware
Please follow below step for operation
Add a new rule in the Application and Device control policy
Block Read Attempt for VMware USB Arbitration Service
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe for 32bit SEP client OS
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe for 64bit SEP client OS
NOTE: The path may not exactly same as above, you may ask VMware technical support team for the path detail of the exe files.
Restart the VMware host
Subscribing will provide email updates when this Article is updated. Login is required.