Adding USB Monitoring Rules

To create a new USB monitoring rule, do the following:

1. Log in to the Management Tool as a user with the administrative Client Installation and Management permission.

2. Click the USB Monitoring navigation link (on the left).

3. On the USB Monitoring page that opens, click the Add button (in the top right of the page).

4. On the Add USB Rule page that opens, on the USB Rule Properties tab, define the following parameters, and then click Next (in the bottom right of the page):

• Select the Enable USB rule checkbox to enable the rule.

• Enter a unique Name for the rule.

• Optionally, enter a Description for the rule.

• Select the required Risk Level.

5. On the Rule Conditions tab, define the following parameters, and then click Next:

• Select the device classes to be monitored in the Monitored Devices list by selecting the checkboxes next to them.

NOTE: Only the "Mass storage devices" and "Vendor-specific devices" device classes are currently supported for macOS Clients.

• Define exceptions for specific individual USB devices not to be monitoring or blocked.

6. On the Additional Actions tab, define what happens when a device from the list of Monitored devices is used on a target computer, by selecting the following checkboxes:

• In the Notifications section, select any of the following checkboxes:

- Send email notification to: Allows you to receive a notification by email on device detection.

NOTE: To receive email notifications correctly, make sure that the Email Sending Settings contain the correct parameters for sending emails.

- Show warnings in Tray Notifications application: Allows you to receive a notification in the Tray Notifications application on device detection.

• In the Actions section, select either of the following checkboxes:

- Block access to mass storage device until administrator's approval: Allows you to prevent the use of the USB devices until the specified Approver grants access to it. Users specified as Approvers can approve the USB device access request in one of the following ways: by email (if an email address is defined for the specified users) or on the Access Requests page of the Management Tool.

Optionally, you can also enter a custom message to be displayed to the user when a device is connected to the Client computer.

NOTE: By default, if a request is not processed within 30 minutes after it has been submitted, it will automatically expire. You can change these settings on the System Settings tab on the Configuration page.

NOTE: This feature is not currently supported for macOS Clients.

NOTE: For internal users to receive the email request correctly, make sure that on the User Details tab of the Editing User page, valid email addresses are defined.

- Block USB device: Allows you to prevent users from using the devices specified on the Monitored Devices list on the target computers. This option affects all users, regardless of the user filtering settings.

NOTE: Only one of the two checkboxes above to enable blocking access to USB devices can be selected.

NOTE: This feature is not currently supported for macOS Clients.

- Notify user on the target computer about device blocking: Allows you to define a custom message to be displayed in a balloon notification on the Client computer (maximum 250 characters).

Optionally, you can also enter a custom message to be displayed to the user when a device is connected to the Client computer.

NOTE: This feature is not currently supported for macOS Clients.

    NOTE: If none of the above actions are selected, the devices detected will only be displayed in the Session Viewer.

7. On the Assigned Clients tab, click the Add button in the Clients / Client Groups sections, and in the pop-up window that opens, select the Clients / Client groups to which the rule will be applied.

NOTE: To find specific Clients / Client groups, enter their names or part of their names in the Search box.

8. Click the Finish button (in the bottom right of the page).

9. The USB monitoring rule is then added to the list displayed in the grid on the USB Monitoring page.

NOTE: If the USB monitoring rule is created while the device is connected to the Client computer, device blocking will not work. For the rule to work, the device first needs to be unplugged and then plugged in again.