Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Archive > 2017October31 - LEM Deletes > Configuring the USB Defender Local Policy Connector on an Agent

Configuring the USB Defender Local Policy Connector on an Agent

Table of contents
No headers
Created by Caroline Juszczak, last modified by Kevin.Swinson on Oct 31, 2017

Views: 66 Votes: 1 Revisions: 11

The USB Defender Local Policy connector enables an agent to enforce restrictions on USB devices, even when the agent is not connected to the manager. Instead of using rules when disconnected, the connector uses a list of permitted users or devices.

 

The agent compares the fields in all USB device attached events to a locally stored white list of users or devices. If none of the fields match an entry on the list, the agent detaches the device.

When the agent is connected to the manager through the network, the manager rule also applies. Any devices listed in the local white list must be in the User Defined Group for authorized devices. Otherwise, the rule takes effect and the device detaches even though it was allowed by the white list in the USB Defender local policy.

When the agent is connected, the USB Defender Local Policy and the LEM rule are active.

  1. Create a text file with one entry per line.

    This file serves as the local policy. Each entry can be a user name or a USB device ID, from the Extraneous Info field of an attached alert.

    Wildcards are implied in the list. USB Defender will match partial strings by default. Adding a wildcard (*) to the list will be matched as a string and will not match the intended data

  2. In the LEM console, click Manage > Nodes.
  3. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/0E0/Button-Gear_16x13.png next to the target node and select Connectors.
  4. Enter USB defender in the Refine Results window.
  5. In the Connectors grid, locate the USB Defender Local Policy connector.
  6. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/0E0/Button-Gear_16x13.png next to the connector and select New.
  7. Click the ellipsis in the UDLP pane and locate the text file you created above.
  8. Upload your list to the connector, and then click Save.
  9. When the new connector appears in the Connectors list, click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/0E0/Button-Gear_14x11.png and select Start.

The authorized devices in the local white list must also be in the UDG for manager Detach Unauthorized USB rule or the rule on the manager enforces detachment when the laptop is connected to the network. In reverse, if you are using a blacklist and the device is in the USB Local Policy and not in the User Defined Group of the rule, the device still detaches.

Having a device or user in one white list or black list and not in the other is not recommended and yields inconsistent results.

 

Last modified

Tags

Classifications

Public