Menu path: Devices > USB Access Control

You can allow or prohibit the use of USB devices on your endpoint. Specific rules for individual devices or device classes are possible.

Enable

☑ USB access control is enabled and the following settings can be configured.

☐ USB access control is inactive. (Default)

Default rule: Specifies whether the use of USB devices is allowed or prohibited.

  • Allow
  • Deny

Tip

To secure your endpoint, it is generally recommended to set Default rule to Deny and to configure Allow rules only for the required USB devices and USB device classes. For an example, see How to Configure USB Access Control.

Default permission: Default access rights for USB devices.

  • Read Only
  • Read/Write

Class Rules

Class rules apply to USB device classes.

Click on to create a new rule.
An input mask with the following options will open:

Rule: Specifies whether the use of the device class defined here is allowed or prohibited.

Class ID: Device class for which the rule should apply. (Examples: Audio, Printers, Mass Storage).

Name: Name of the rule

Device Rules

Device rules apply to specific USB devices.

Click on to create a new rule.
An input mask with the following options will open:

Rule: Specifies whether the use of the device defined here is allowed or prohibited.

Vendor ID: Hexadecimal ID of the device manufacturer

Product ID: Hexadecimal ID of the device

To find out the Vendor ID and Product ID of the connected USB device, use the command lsusb (or lsusb | grep -i [search term]) in the terminal. You can also use the System Information tool, see Using “System Information” Function.

Device uuid: Universal Unique Identifier of the device

Permission: Authorizations for access to the device
Possible values: 

  • Global setting: The default setting for hotplug storage devices is used; see the Default permission parameter under Devices > Storage Devices > Storage Hotplug.
  • Read only
  • Read/Write

Name: Name of the rule

Further setting options can be found under Storage Hotplug.