Configure the USB Defender local policy connector in LEM

Updated: September 15, 2017

The USB Defender Local Policy connector enables a LEM Agent to enforce restrictions on USB devices, even when the Agent is not connected to the LEM Manager. Instead of using rules when disconnected, the connector uses a list of permitted users or devices. The Agent compares the fields in all USB device-attached events to a locally stored white list of users or devices. If none of the fields match an entry on the list, the Agent detaches the device.

When the Agent is connected to the Manager through the network, both the USB Defender Local Policy and the LEM Manager rule are active. Any device listed in the local white list must therefore also be in the User Defined Group for authorized devices. Otherwise, the rule takes effect and the device detaches even though it was allowed by the white list in the USB Defender local policy.

  1. Create a text file with one entry per line.

    This file serves as the local policy. Each entry can be a user name or a USB device ID, from the Extraneous Info field of an attached alert.

  2. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  3. Click Manage > Nodes.

  4. Click the icon next to the target node and select Connectors.

  5. Enter USB defender in the Refine Results window.

  6. In the Connectors grid, locate the USB Defender Local Policy connector.

  7. Click the icon next to the connector and select New.

  8. Click in the UDLP pane and locate the text file you created above.

  9. Upload your list to the connector, and then click Save.

  10. When the new connector appears in the Connectors list, click the icon next to it and select Start.

The authorized devices in the local white list must also be in the User Defined Group (UDG) used by the Detach Unauthorized USB rule on the Manager. Otherwise, the rule on the Manager enforces detachment when the laptop is connected to the network. Conversely, if you are using a blacklist and the device is in the USB Local Policy but not in the User Defined Group of the rule, the device still detaches.

Having a device or user in one white list or black list and not in the other is not recommended and yields inconsistent results.
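
The following added example (not SolarWinds code) models the interaction described above so you can check a local policy file against the UDG before uploading it. It assumes case-insensitive exact matching, a UDG supplied as plain strings, and hypothetical event field names; all sample entries are constructed.

```python
# Added example: a simplified model of the behaviour described on this page,
# not SolarWinds code. Assumed: case-insensitive exact matching, blank lines
# ignored, UDG members available as plain strings, hypothetical field names.

SAMPLE_POLICY = """\
jsmith
USBSTOR\\Disk&Ven_Example&Prod_DriveA\\0001
USBSTOR\\Disk&Ven_Example&Prod_DriveB\\0002
"""  # constructed local policy file: one user name or device ID per line

SAMPLE_UDG = ["USBSTOR\\Disk&Ven_Example&Prod_DriveA\\0001", "jsmith"]  # constructed


def normalize(entries):
    """Trim and lowercase entries, dropping empty ones."""
    return {e.strip().lower() for e in entries if e.strip()}


def load_policy(text):
    """Parse local policy text with one entry per line."""
    return normalize(text.splitlines())


def matches(allowed, event):
    """True if any field of the device-attached event equals an allowed entry."""
    return any(str(v).strip().lower() in allowed for v in event.values())


def outcome(policy, udg, event, connected):
    """Local policy always applies; the Manager rule (UDG) also applies when connected."""
    if not matches(policy, event):
        return "detached"
    if connected and not matches(udg, event):
        return "detached"
    return "attached"


def drift(policy, udg):
    """Entries present in one list but not the other (the inconsistent cases)."""
    return {"local_only": sorted(policy - udg), "udg_only": sorted(udg - policy)}


if __name__ == "__main__":
    policy, udg = load_policy(SAMPLE_POLICY), normalize(SAMPLE_UDG)
    event = {"user": "guest", "extraneous_info": "USBSTOR\\Disk&Ven_Example&Prod_DriveB\\0002"}
    for connected in (False, True):
        print("connected" if connected else "offline", "->", outcome(policy, udg, event, connected))
    print(drift(policy, udg))
```

Any entry reported under `local_only` is a device or user that stays attached while the Agent is offline but is detached by the Manager rule once the Agent reconnects.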