Hi,
I have an problem concerning my USB connectivity policy. My endpoint zone is blocking all USB devices. Users do have access for known USB devices (USB storage devices) I have put into another USB connectivity policy which is attached to the User objects. In general everything is working fine, unknown devices are blocked and registered devices are allowed.
But I have weird behavior when a new,unknown USB device is connected the very first time. Then Windows starts detecting it, installs the driver but does NOT deactivate them. The device is displayed and accessible through the Windows Explorer. It seems something is blocking the Endpoint agent from deactivating it. Windows Autoplay and Autorun Function already HAS BEEN disabled. No Antivirus is installed on that system.
The ZES log files contain many of these messages:
""USB-Massenspeichergerät"(USB\VID_0781&PID_5151\0775131 B33009E3D) failed
[09.04.2012 10:45:19.692][14] Component: Always: ZES Component Manager: Reboot Requested by: Device Watcher (Suppressed)"
Same behavior i had when Autoplay was still active: Once the Windows Autoplay did automatically open a folder or file on a new stick, the Endpoint agent was unable to deactivate the device. This seems not to be a very reliable method to block devices...!
When I disconnect and insert the device again, everything is fine (blocked). Problem only appears on very first use of a device!
My questions:
Can I somehow prevent that Windows displays new devices in the Windows Explorer before they are blocked? I would prefer that they FIRST are evaluated and THEN will be accessible for the User?
Is there another place in ZCC (except by adding USB connectivity policies to the zone) forcing the endpoint agent to block devices?
I have an problem concerning my USB connectivity policy. My endpoint zone is blocking all USB devices. Users do have access for known USB devices (USB storage devices) I have put into another USB connectivity policy which is attached to the User objects. In general everything is working fine, unknown devices are blocked and registered devices are allowed.
But I have weird behavior when a new,unknown USB device is connected the very first time. Then Windows starts detecting it, installs the driver but does NOT deactivate them. The device is displayed and accessible through the Windows Explorer. It seems something is blocking the Endpoint agent from deactivating it. Windows Autoplay and Autorun Function already HAS BEEN disabled. No Antivirus is installed on that system.
The ZES log files contain many of these messages:
""USB-Massenspeichergerät"(USB\VID_0781&PID_5151\0775131 B33009E3D) failed
[09.04.2012 10:45:19.692][14] Component: Always: ZES Component Manager: Reboot Requested by: Device Watcher (Suppressed)"
Same behavior i had when Autoplay was still active: Once the Windows Autoplay did automatically open a folder or file on a new stick, the Endpoint agent was unable to deactivate the device. This seems not to be a very reliable method to block devices...!
When I disconnect and insert the device again, everything is fine (blocked). Problem only appears on very first use of a device!
My questions:
Can I somehow prevent that Windows displays new devices in the Windows Explorer before they are blocked? I would prefer that they FIRST are evaluated and THEN will be accessible for the User?
Is there another place in ZCC (except by adding USB connectivity policies to the zone) forcing the endpoint agent to block devices?