Disable Data Transfer From USB

Posted on 2013-10-01
Medium Priority
Last Modified: 2013-10-07
Attempting to disable Data transfer from any USB devices, without losing the USB functionality of USB Keyboard / Mouse Running Windows XP Pro.  I am aware Disabling though the BIOS.  We are running SEP 11 I'm pretty sure there is a way to configure SEP to block USB data transfer, not sure where it is.
Question by:ManieyaK_
LVL 18

Expert Comment

by:Steven Harris
ID: 39536598
1) Log-in to the SEP Manager console.
2) Select Policies, then Application and Device Control under Policies.
3) Select the Application and Device Control policy to be modified in the right-hand pane.
4)  Under Tasks, click Edit the Policy.
5)  In the left pane, under Application and Device Control, click Device Control.
6)  In the Blocked Devices section, click Add
7)  In the Device Selection window select USB, click OK.  

USB should now be listed under Device Name in the Blocked Devices section.

To exclude the Mouse and Keyboard as blocked devices:  

1)  In the right pane of the Application and Device Control Policy window, select the Devices Excluded From Blocking section.  Click Add
2)  In the Device Selection menu, click Human Interface Devices (Mice, ... etc).  Click OK.  

Assign the modified Application and Device Control Policy to the appropriate Machine Groups.
LVL 22

Expert Comment

by:Nick Rhode
ID: 39536599
You have a server in place or you want it do it on a local system?

Author Comment

ID: 39536741
This is on a non networked DSS computer that is running the Un Managed version on SEP 11
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

LVL 23

Assisted Solution

ComputerTechie earned 1000 total points
ID: 39545945
LVL 58

Expert Comment

ID: 39546091
http://www.trinit-soft.de/usb-waechter/ is a freeware that is meant for single computers. Does just what you want. To deploy settings network wide you would need to export the config of one configured computer to all others. This could be done with GPOs (export registry parts or .ini-files)-

Author Comment

ID: 39548334
McKnife this looks like it would be very useful however when i downloaded the package & installed, even though i translated the Web page into English all of the wording with the application were not in English.  I attached a screen shot of what i get.  Please advise if there is an English version for download.


Author Comment

ID: 39548336
This looks like it will be very useful as well for what i am looking to do, I will not be able to test until first of week

Author Comment

ID: 39548361
Also I was wanting to know if there is a a way to disable Only USB data transfer devices. For instance if i wanted to plug in peripheral devices such a USB printer or USB mouse / keyboard & use them.  But restrict USB data devices from transfering / receiving data.
LVL 38

Accepted Solution

Rich Rumble earned 1000 total points
ID: 39549135
ComputerTechie's comment   39545945 outlined (above)how windows allows you to prevent mass-storage devices, but sill allows you to charge and iphone or use mouse/kb's over USB.  http://support.microsoft.com/kb/823732
LVL 58

Expert Comment

ID: 39549287
I am sorry, it looks as if there is no English version available. The setup and configuration are quite easy, you might manage to configure it without learning German, I would give it a try.

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Super Bowl is just days away. Millions of advertising dollars will be spent in just a few hours to drive people to websites around the globe. Optimizing your site in anticipation of a big event like this (and the traffic surges that follow) will…
Nuance's PaperPort may display this error message: PaperPort appears to be running Windows XP Compatibility Mode which may result in errors. We recommend disabling Compatibility Mode for the PaprPort.exe program, see Technote 6629. This articl…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question