RyanTsai 3 Posted March 22, 2016 Posted March 22, 2016 As titled, is it possible to control USB keyboard and mice using Device Control? This would be useful in some POS configuration.
ESET Staff Solution MichalJ 434 Posted March 22, 2016 ESET Staff Solution Posted March 22, 2016 (edited) Hello, as of now it is not possible to use device control for blocking / controlling USB keyboard and mice. We will track that as an improvement request for future versions. However, I would like to know more about your usecase. Will be the devices managed remotely by ERA? Would you like to block all USB peripherals (Keyboard / Mice)? What about the case, when a service team comes in, and it needs to perform some maintenance of the machine locally? Will there be a process in place, that will deploy a different policy for that time? Blocking input devices is tricky, if you do it locally, you have effectively locked yourself out of the machine, and you won´t be able to control it. Therefore, the use-case needs to be properly validated before proceeding. Please provide more information about the problem scenario, you are trying to solve. Edited March 22, 2016 by MichalJ
RyanTsai 3 Posted March 23, 2016 Author Posted March 23, 2016 Hello, as of now it is not possible to use device control for blocking / controlling USB keyboard and mice. We will track that as an improvement request for future versions. However, I would like to know more about your usecase. Will be the devices managed remotely by ERA? Would you like to block all USB peripherals (Keyboard / Mice)? What about the case, when a service team comes in, and it needs to perform some maintenance of the machine locally? Will there be a process in place, that will deploy a different policy for that time? Blocking input devices is tricky, if you do it locally, you have effectively locked yourself out of the machine, and you won´t be able to control it. Therefore, the use-case needs to be properly validated before proceeding. Please provide more information about the problem scenario, you are trying to solve. Thanks for the reply Michal! Basically one of my clients have setup some locked down kiosk machines for their in-shop customers. These kiosks have touch screens and run custom software on top of Windows, which includes vitual-onscreen keyboards. One of the functionality is that they provide USB ports for their customer to plugin USB storage devices or card readers in order to print files off these devices. They're concerned about that security of these kiosks might be compromised if customers plugin USB keyboards/mice and then somehow get around the custom software, which is why they want to control USB keyboards and mice. They're planning to have these machines managed remotely by ERA, in case of doing service their idea is to use remote desktop. In the case that network is not available, they'll either use the touchscreen to perform service, or in the worst case scenario, uninstall antivirus software in safe mode then re-install afterwards. Another thing to consider would be how the touch screen drivers are implemented, if it emulates USB mice/keyboards then obviously this cannot work.
Recommended Posts