Endpoint Protection

  • 1.  Application Control blocking USBSTOR device that has been added to exception list

    Posted Nov 18, 2021 02:37 PM
    Hello Team,

    We are using the Block USB Storage Devices rule to block access to USB drives. Normally, in order to allow a device on Windows, I will add it to Hardware Devices under Policies and then set it as a (*) wildcard under Do not apply to the following files and folders under File and Folder Access Attempts. This has been working pretty consistently until I came across a new batch of USB drives that have a somewhat different Device ID (USBSTOR\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\). Nothing that I have tried so far will allow these drives, and they are still being blocked. Any assistance would be appreciated.

    Thanks,
    Rakesh


  • 2.  RE: Application Control blocking USBSTOR device that has been added to exception list

    Posted Nov 21, 2021 03:02 AM
    Please go to Dashboard --> Policies
    Policies --> Application and Device Control
    Create a new policy, Application and Device Control test
    Application and Device Control --> Windows Settings --> Blocked Devices --> Click on Add
    In Device Selection, choose USB by class (identification) and click OK
    At the bottom you will find Device excluded from blocking
    Click Add
    In Device Selection, choose Human Interface Devices (Mice, Joysticks, Gamepads) by class and click OK
    Save the policy and apply it to a test group
    Move 1 computer to that group and test it first, then apply it to the desired group

    Please use the class ID, not the device ID


  • 3.  RE: Application Control blocking USBSTOR device that has been added to exception list

    Posted Nov 21, 2021 03:05 AM
    If you want to allow only this device (USBSTOR\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\), then go to
    Policies --> drop down Policy Components menu
    Select Hardware Devices
    Right-click and add
    You will find the Hardware Device box; just put this USBSTOR\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\ and select the Device ID option
    Save it
    and then go to the policy and add this device to the exclusion list
    This USB will work




  • 4.  RE: Application Control blocking USBSTOR device that has been added to exception list

    Posted Dec 09, 2021 03:36 PM

    The steps mentioned below will work if we are using Device Control for Windows devices, but we are using Application Control with the Block USB Storage Devices option enabled. 
    We tried using Device Control to achieve this but were having too many issues with USB devices being blocked that were not storage devices and experiencing blue screens on some machines. 

    If I use the bottom option within Application Control, it will allow all USB drives of that type and not just specific USB drives added by their unique device ID.