Overview:


This article outlines the process involved with implementing removable storage device control.


Configuration Steps:


Log into the Cloud account and go to:

 

Filter Management à Overview 

Click on Edit to modify the policy 

Endpoint à Custom

Expand Customization 


Enable USB Manager


Open the status page

Then click on Setup à Devices



note.jpg

Note

Login using Maintenance password to view/edit devices module:  

http://127.0.0.1:8000/setup/login



Authorize or restrict use of a removable storage device from the list



note.jpg

Note

If a particular device is not listed on the page, you may click on Refresh Devices button or plug it into a different USB port. 


Troubleshooting:


Three devices are connected here, none of them in the authorization list.

Every device starting with a ‘red’ column is disabled:


When you connect a device that is not authorized, Endpoint will disable it and show a warning in user desktop (unless popup messages are disabled):



Endpoint will allow authorized devices to run.

Every device starting with a ‘green’ column is enabled and connected:

You may rename a device as needed:



If Policy does not enable USB manager, you will still have a chance to manage local devices.

This is intentional to allow re enable devices after turning off USB manager.


note.jpg

Note

when Policy USB Manager is not enabled, you will not have a chance to disable devices. 





log data

A log file will be generated under log folder: usb.log.

log\usb.log

2015/07/30 21:35:20 request device: USBSTOR\DISK&VEN_SAMSUNG&PROD_M3_PORTABLE&REV_3_\00000000011E0BA9&0

2015/07/30 21:35:21 USB device has been enabled

2015/07/30 21:35:48 request device: USBSTOR\DISK&VEN_SAMSUNG&PROD_M3_PORTABLE&REV_3_\00000000011E0BA9&0

2015/07/30 21:35:48 USB device has been disabled

2015/07/30 21:36:12 request device: USBSTOR\DISK&VEN_SAMSUNG&PROD_M3_PORTABLE&REV_3_\00000000011E0BA9&0

2015/07/30 21:36:12 USB device has been enabled

2015/07/31 08:01:55 request device: USBSTOR\DISK&VEN_SAMSUNG&PROD_HD502HJ&REV_\20B9BB07450F&0

2015/07/31 08:01:57 USB device has been disabled


System log will also store several USB data information.

log\isf.log

+ [2015/07/31 08:00:46] Current Policy: Montevideo R&D office [jorge] -Policy change detected-

- [2015/07/31 08:01:55] USB device connected: USBSTOR#Disk&Ven_SAMSUNG&Prod_HD502HJ&Rev_#20B9BB07450F&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

- [2015/07/31 08:01:55] USB device id: USBSTOR\DISK&VEN_SAMSUNG&PROD_HD502HJ&REV_\20B9BB07450F&0

- [2015/07/31 08:01:55] USB device name: SAMSUNG HD502HJ USB Device

- [2015/07/31 08:01:55] USB device not authorized; locking device

+ [2015/07/31 08:01:55] Running command: endpoint usb

- [2015/07/31 08:01:57] USB device disconnected: USBSTOR#Disk&Ven_SAMSUNG&Prod_HD502HJ&Rev_#20B9BB07450F&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

- [2015/07/31 08:04:57] USB device connected: USBSTOR#Disk&Ven_USB2.0&Prod_CARD-READER&Rev_1.01#8120420080429000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

- [2015/07/31 08:04:57] USB device id: USBSTOR\DISK&VEN_USB2.0&PROD_CARD-READER&REV_1.01\8120420080429000&0

- [2015/07/31 08:04:57] USB device name: USB2.0 CARD-READER USB Device

- [2015/07/31 08:04:57] USB device found in custom Authorized Devices; no action taken


A new module is going to be automatically installed by Endpoint under tool folder: endpoint_usb[32/64].exe.

That module is responsible for USB device locking/unlocking and will be started by Endpoint on demand.



note.jpg

Note

The USB manager is only available for the Windows OS.