This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

USB Device Exemption Does not work when Device ID is used

In the past, I have used the Device ID to allow a USB. However, recently I made some changes in which I removed all Exempted USB drives and then on a case by case basis started exempting them. Here is my experience,

When a USB device is inserted, it gets blocked, I got to Add exemption and if I add exemption based on Model Number, it will open it up. However, if I use device ID, nothing happens.

Also, I am guessing this is a natural effect of exempting using device model number, is all of the devices that are of the same model are all exempted. Is this normal?

Does anyone else face the issue with exempting with Device ID? 

 

With this setting, the device is being blocked. I have three of the same model USBs and when I change the setting to Enforce by Model No. on one entry, all of the USB drives become enabled.



This thread was automatically locked due to age.
  • Hi Durgesh,

    I have never had much luck with the ID exemption across devices because that Device ID is just it's Hardware ID as based from the Device Driver which is not actually specific per device.

    I have raised a case about this to PM in the past but the response I got was that it was not going to change. I raised the case because it should be referencing the GUID and not the Hardware ID.

    Unfortunately, the only way we can get this changed is to raise a case for each instance that it occurs so it might get improved/fixed in a later version.

    However, it should unblock the USB by the ID you have set but the policy you have set in the screenshot is to block it by its ID and not to allow it?

    Emile

  • Hey Emile

    LOL. That is my bad. I was testing something and had tried to block a few devices and then allow (thinking that toggling would help) and happened to take a screenshot. However, I do have it to Allow.

    I will raise a ticket and see if they can help me. I am really not sure if Peripheral blocking is effective using Model No, as it will unlock a bunch. Until I get some non popular brands and make it an Authorized device. What do you think?

     

    Thank you.

  • Hi Durgesh,

    Ah, fair enough. I wasn't thinking it would be something as simple as that :P

    Tbh, that's what one of my customers has done simply because the ID is so unreliable, it is quite disappointing. What is interesting is sometimes it does work if you have two devices of the same model, plug both in and allow by ID only one of them sometimes it will actually work and only one will be allowed. Then sometimes it allows them all and sometimes it allows none.

    That and apparently the backend does use the GUID (ish) but isn't presenting it on the GUI so there is no way of knowing which one you're removing on cleanup.

    Hope it helps!

    Emile