Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > USB Defender is unable to detect secure thumb drives

USB Defender is unable to detect secure thumb drives

Table of contents
No headers

Windows does not write a log entry when a USB device is attached to a computer. By installing Windows Defender, the application reads the Windows API and detects it as a mass storage device. This will detach it from the computer. If the appropriate signal is not sent from the Windows API, USB Defender will not be able to detach the device.

There is one possible workaround but this may cause other issues.

The user needs to update the rule used to initiate the active responses so that it blocks all USB devices except the authorized ones.
This action may affect detection of other devices such as USB attached printers, keyboards and mouse units.

Additional information about USB Defender’s actions can be found in the TNSwind log file in the ContegoSPOP directory on the host machine.

32-bit computers - 

C:\Windows\System32\ContegoSPOP\spop

64-bit computers - 

C:\Windows\SysWOW64\ContegoSPOP\spop

Linux - 

/usr/local/contego/ContegoSPOP
Last modified

Tags

Classifications

Public