I have accomplished the following for USB Defender configuration:
- Uploaded text file whitelist to USB Defender Local Policy connector,
- Created matching list on LEM as user defined group,
- Loaded USB Defender Extended connector,
- Cloned rule to Detach Unauthorized Devices.
So I'm ready to test this, but before I do I need three questions answered:
- How do I test this on a limited set of machines, while being absolutely SURE it doesn't activate on the whole domain?
- I know that this disables ports when an unauthorized device is inserted, but what about devices that are ALREADY attached and being used? Does it shut down ports that are already in use or just when they are attached? ...what about reboots?
- Once an unauthorized USB device has been detached, is there a way to reactivate that port without PHYSICALLY reinserting it? If the detached device is added to the white list, will it become reactivated (without being reinserted)?
Thanks for any feedback!